Britain's biggest abortion provider was fined Friday by a data protection watchdog after a computer hacker obtained the details of thousands of women who had sought its help.
Convicted hacker James Jeffery threatened to publish the names of those who sought advice from the British Pregnancy Advice Service (Bpas) charity.
The Information Commissioner's Office watchdog criticised the provider for not storing personal data securely and fined it £200,000 ($335,000, 240,000 euros) for a "serious breach" of the Data Protection Act.
The ICO said Bpas "didn't realise" that its own website was storing names, addresses, dates of birth and telephone numbers, how long the information was being retained for, nor that the website was not sufficiently secure.
"Ignorance is no excuse," David Smith, the ICO's deputy commissioner and director of data protection.
"It is especially unforgivable when the organisation is handling information as sensitive as that held by the Bpas. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe."
Jeffrey was jailed for two years and eight months in 2012 for the theft of 10,000 database records held by the charity containing women's personal details.
A member of the international computer hacking group Anonymous, Jeffrey was described by the judge in the case as a "zealot with an anti-abortion campaign".
Bpas said the hacker did not obtain medical records, and it intends to appeal against the fine.
"We accept that no hacker should have been able to steal our data but we are horrified by the scale of the fine, which does not reflect the fact that Bpas was a victim of a serious crime," said chief executive Ann Furedi.
"Bpas is a charity which spends any proceeds on the care of women who need our help.
"It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way."
Explore further: Estonia citizen extradited to NY in cyber case