bchandler02

At a minimum, this looks to apply to both National and Enterprise. I will not be using tolls in a rental vehicle moving forward because of this.

I had a rental a week or so ago in Texas, and used the toll roads. Just got my toll bill - all is good there, but I googled one of the toll charges just to determine where it was and if I was charged the tag or mail rate out of curiosity. The google search was for "SH 45 HEATHER BLVD ENT" which is a legitimate charge for my trip.

However, the 4th result links to a random Enterprise/HTA customer's invoice and contains their name, address, rental and toll details, and last 4 of the CC.


I have emailed this to both National and HTA, but fully expecting to get a generic response. Anyone here from National/Enterprise that can get this to the right teams ASAP to fix this, or anyone have any contacts?

AutoSlash

This looks to be an errant invoice from another customer from back in 2019. Is this problem repeatable, meaning, does it come up consistently when you view your own statement or was it a one-time glitch?

You might consider escalating to one or both of these individuals:

Will Withington
SVP, North American Operations
[email protected]

Randal Narike
EVP, Customer Experience
[email protected]

Hope this helps!

missingcolours

LOL, wow, if you do an appropriate Google Search there are 73 of those in the Google index with name, full address, last 4 of CC number...

bchandler02

I will send it to the two contacts above. I did submit it to HTA and National using the contact us form on their websites, but so far, nothing.

AZwldcats

Yup,

Found a bunch of Avis ones as well.

bchandler02

Just sent it to the two contacts above. I found 91 results in my searching.

I wonder if we should post something similar in the other rental car forums that use HTA for tolls and send it to their execs as well?

bchandler02

Update: I've heard nothing back from the contacts mentioned above, nor from the general feedback that I submitted on National and HTA's websites.

I guess nobody cares.

AZwldcats

Maybe the FTC would care...

https://reportfraud.ftc.gov/#/

storewanderer

I think the error is with the Texas toll system. They are the one presenting the data. Enterprise/National data comes in based on the renter but it isn't Enterprise/National hosting this public website with personal information. Whoever is in charge of this Texas toll system needs to be contacted.

Enterprise/National probably isn't responding because it isn't their server hosting the data and they want no liability. Which is poor service. A response that we are not responsible for the website hosting the data please contact Texas xxxyyy for further information and we are also sending this information to our internal contact at Texas xxxyyy would go a long ways. Maybe legal is working on it.

storewanderer

Now I am looking at the website with the personal information and I see a link to someone's Enterprise bill on an Enterprise letter. This makes the website look like it is Enterprise (I know this is just a contractor).

Enterprise/National should care about this given how it presents.

Major privacy violation here.

Sometimes it feels like nobody cares about anything at these big corporations/government contractors anymore which is what you are up against here. But anyone who's data was available publicly in this manner should absolutely care. There have to be some privacy rules protecting this (well maybe not in Texas). But HTA operates in states other than Texas and is doing this in those states too.

uxb

It appears the common thread is "Agent 196." I cannot find any of my data floating around on the web.

uxb

It doesn't appear to be isolated to TX. I found toll receipts for people driving in FL and IL. It's HTA LLC that needs to be alerted.

bchandler02

Does this qualify as fraud? If so, I am absolutely happy to go down that path. However, not sure it qualifies as fraud as it is more of a privacy violation in my eyes.

It is not the Texas toll system either. It is HTA, which is a 3rd party vendor to at least a few rental companies. See the full list at their website: https://www.htallc.com/coverage#ourpartners

Anyone happen to know what "Agent 196" means?

Agreed - and I have done so via their website but gotten no response. Since they are a vendor to the rental companies, I would think the rental companies can put some pressure on them to address this, but I guess not.

I have found on HTA's website their privacy policy, and this email ([email protected]), I will send it there as well. I also found the email format for them ([email protected]) and emailed a few of their executive leaders. We'll see if that gets any attention, but the emails I used are at least valid as I got out of office auto responses.

It is still really sad that 1) customers have to deal with this, and 2) companies can't be bothered to at least respond when someone is nice enough to report a genuine issue to them.

uxb

Agent 196 appears to be the compromised database.

bchandler02

Update: Just got a response from the privacy mailbox stating they will investigate and respond as needed.