We'd get intrusion emails from sysadmins, particulars, etc. We had a set of rule (sysadmins complaint had more weight than regular individuals, but we still took both into account).
If we received enough complaints (10 invidiual or 2 sysadmins iirc), you'd get a call from me or a colleague of mine, asking you to refrain. 2nd time would be a final warning, 3rd time was a complete disconnection of your Internet services.
We were getting complaints from RIAA back in the day, and would process those complaints with the same rule as sysadmins.
Agreed, back in the day, botnets and all were WAY less widespread than they are now, so I'd say that 75-80% of the time, it was the actual person who did the deed (guy's registered email adress is "leetdude at videotron dot ca" and the alias they caught him under on IRC was "leetdudeqc" for example), where nowaday, a lot of people do "bad deeds" unknowingly because their computer was zombified. But even then, after a single warning, you should get your shit together and get your computer fixed, cleaned, protected. A 30$ router and a 60$ AV/AS software works wonders (not PERFECT, but a lot better than an unpatched unprotected computer plugged in directly in the cablemodem).