The ICO said Bradford-based Provident Personal Credit had failed to ensure that two businesses it had engaged to send out nearly one million marketing text messages had obtained the necessary consent from recipients to do so.
PPC was responsible for a "serious contravention" of the UK's Privacy and Electronic Communications Regulations (PECR) (14-page / 3.05MB PDF) as a result, it said.
In total, 999,057 unsolicited text messages were sent on behalf of PPC between 6 April and 13 October 2015, an ICO investigation found. The investigation was prompted by 285 complaints from the public, the watchdog said.
ICO head of enforcement Steve Eckersley said: "“The law is clear. You can’t send marketing texts to people who have not signed up to receive them. Being bombarded with texts you didn’t ask for and don’t want is an intrusion into people’s privacy, an irritation and, in the worst cases can be upsetting."
"Companies have no excuse whatsoever for sending nuisance texts, whether they do it themselves or employ someone else to do it for them," Eckersley said.
According to the ICO's recently published annual report for 2016/17 (80-page / 401KB PDF), the watchdog issued 23 fines to organisations for breaches of PECR last year. The fines imposed totalled over £1.9 million.