Security News > 2024 > January > Data regulator fines HelloFresh £140k for sending 80M+ spams

Food delivery company HelloFresh is nursing a £140,000 fine by Britain's data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.

The Information Commissioner's Office says the company claimed messages were based on an opt-in statement, yet this statement did not include any reference to the sending of marketing messages via text.

Customers weren't give ample information that their data would be used for marketing messages for up to two years after they'd cancelled their HelloFresh subscription, the regulator added.

The investigation discovered that between August 23, 2021 and February 23, 2022, HelloFresh hit send on 80,993,013 messages, including 79,779,279 emails and 1,113,734 texts to subscribers.

It also found that even after people had asked HelloFresh to cease and desist, the spams continued.

"Customers weren't told exactly what they were opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they neither want nor expect, and in some cases, even when they told HelloFresh to stop, the deluge continued."

News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/12/data_regulator_fines_hellofresh_140k/