Major privacy violation with HTA (toll vendor)
#1
Original Poster
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,274
Major privacy violation with HTA (toll vendor)
At a minimum, this looks to apply to both National and Enterprise. I will not be using tolls in a rental vehicle moving forward because of this.
I had a rental a week or so ago in Texas, and used the toll roads. Just got my toll bill - all is good there, but I googled one of the toll charges just to determine where it was and if I was charged the tag or mail rate out of curiosity. The google search was for "SH 45 HEATHER BLVD ENT" which is a legitimate charge for my trip.
However, the 4th result links to a random Enterprise/HTA customer's invoice and contains their name, address, rental and toll details, and last 4 of the CC.
I have emailed this to both National and HTA, but fully expecting to get a generic response. Anyone here from National/Enterprise that can get this to the right teams ASAP to fix this, or anyone have any contacts?
I had a rental a week or so ago in Texas, and used the toll roads. Just got my toll bill - all is good there, but I googled one of the toll charges just to determine where it was and if I was charged the tag or mail rate out of curiosity. The google search was for "SH 45 HEATHER BLVD ENT" which is a legitimate charge for my trip.
However, the 4th result links to a random Enterprise/HTA customer's invoice and contains their name, address, rental and toll details, and last 4 of the CC.
I have emailed this to both National and HTA, but fully expecting to get a generic response. Anyone here from National/Enterprise that can get this to the right teams ASAP to fix this, or anyone have any contacts?
#2
Company Representative - AutoSlash and HotelSlash
Join Date: Jun 2006
Location: autoslash.com | hotelslash.com
Posts: 5,658
This looks to be an errant invoice from another customer from back in 2019. Is this problem repeatable, meaning, does it come up consistently when you view your own statement or was it a one-time glitch?
You might consider escalating to one or both of these individuals:
Will Withington
SVP, North American Operations
[email protected]
Randal Narike
EVP, Customer Experience
[email protected]
Hope this helps!
You might consider escalating to one or both of these individuals:
Will Withington
SVP, North American Operations
[email protected]
Randal Narike
EVP, Customer Experience
[email protected]
Hope this helps!
#5
Join Date: Feb 2019
Programs: Delta. AA, National EE, HH
Posts: 162
#6
Original Poster
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,274
Just sent it to the two contacts above. I found 91 results in my searching.
I wonder if we should post something similar in the other rental car forums that use HTA for tolls and send it to their execs as well?
I wonder if we should post something similar in the other rental car forums that use HTA for tolls and send it to their execs as well?
#7
Original Poster
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,274
Update: I've heard nothing back from the contacts mentioned above, nor from the general feedback that I submitted on National and HTA's websites.
I guess nobody cares.
I guess nobody cares.
#8
Join Date: Feb 2019
Programs: Delta. AA, National EE, HH
Posts: 162
#9
Join Date: Mar 2011
Location: Window Seat
Programs: National Executive, HHonors Gold, IHG Platinum, Hyatt Visitor
Posts: 2,495
I think the error is with the Texas toll system. They are the one presenting the data. Enterprise/National data comes in based on the renter but it isn't Enterprise/National hosting this public website with personal information. Whoever is in charge of this Texas toll system needs to be contacted.
Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.
Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.
#10
Join Date: Mar 2011
Location: Window Seat
Programs: National Executive, HHonors Gold, IHG Platinum, Hyatt Visitor
Posts: 2,495
Now I am looking at the website with the personal information and I see a link to someone's Enterprise bill on an Enterprise letter. This makes the website look like it is Enterprise (I know this is just a contractor).
Enterprise/National should care about this given how it presents.
Major privacy violation here.
Sometimes it feels like nobody cares about anything at these big corporations/government contractors anymore which is what you are up against here. But anyone who's data was available publicly in this manner should absolutely care. There have to be some privacy rules protecting this (well maybe not in Texas). But HTA operates in states other than Texas and is doing this in those states too.
Enterprise/National should care about this given how it presents.
Major privacy violation here.
Sometimes it feels like nobody cares about anything at these big corporations/government contractors anymore which is what you are up against here. But anyone who's data was available publicly in this manner should absolutely care. There have to be some privacy rules protecting this (well maybe not in Texas). But HTA operates in states other than Texas and is doing this in those states too.
#12
Join Date: Jan 2008
Location: JFK, DCA, BUR, YVR
Programs: AC, AS, BA, DL, HH (D), MR (T/LTP), UA (*S), UScAAre (PLT/1,87MM), WN
Posts: 5,207
I think the error is with the Texas toll system. They are the one presenting the data. Enterprise/National data comes in based on the renter but it isn't Enterprise/National hosting this public website with personal information. Whoever is in charge of this Texas toll system needs to be contacted.
Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.
Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.
#13
Original Poster
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,274
I think the error is with the Texas toll system. They are the one presenting the data. Enterprise/National data comes in based on the renter but it isn't Enterprise/National hosting this public website with personal information. Whoever is in charge of this Texas toll system needs to be contacted.
Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.
Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.
I have found on HTA's website their privacy policy, and this email ([email protected]), I will send it there as well. I also found the email format for them ([email protected]) and emailed a few of their executive leaders. We'll see if that gets any attention, but the emails I used are at least valid as I got out of office auto responses.
It is still really sad that 1) customers have to deal with this, and 2) companies can't be bothered to at least respond when someone is nice enough to report a genuine issue to them.
#14
Join Date: Jan 2008
Location: JFK, DCA, BUR, YVR
Programs: AC, AS, BA, DL, HH (D), MR (T/LTP), UA (*S), UScAAre (PLT/1,87MM), WN
Posts: 5,207