Great story, instantly reminded me of another classic tale (in Russian) https://oldmann.livejournal.com/63085.html
TL;DR: In a big corporate network, connected to the world with 10 Mbits main and 2 Mbits backup, local BOFHs posted monthly a top 20 traffic users and top 20 URLs visited by said users. In a Russian Russia there were no GDPR in 1990s. All was well until someone highlightered up on a printout a 12 Gigs of traffic (a huge volume of data back then) from a certain site named analsexmoviesonline.com. The culprit was 60 years old distinguished gentleman. He resigned within three months "due to difficult circumstances".
My own story, an educational organization, not much of a big network, 5 Mbits uplink, a rack of 24 Zyxels for remote users access, and a lots of traffic quotas overruns. Quotas were set department-wide and in case of overruns we usually sent a list of offenders (and a most visited sites, yes) to dept head and let them deal with offenders internally. This backfired wonderfully one day then we were asked for a "forbidden sites list" from freshly connected department.