** National Car Rental - Read this...**

W

WienerDog

Earning My Ears
Joined
May 29, 2000
Messages
19
Kudos to the National Car Rental webmaster and the site development team. Shame on their customer service...

I was checking rates on National as an Emerald Club member. I found a bug in the web site that allowed me to see reservations of other customers. Basically, when I click the check reservation button the site should bring up blank text boxes to type in your last name and confirmation number. The text boxes were filled in instead of being blank. If I refreshed the screen, I was given another last name and confirmation number. Here is my gripe -> your privacy may have been compromised.

The reservation of an Emerald Club member has your last name and your EC number. With that information, anyone can get to your Profile information. I don't know about you, but I have my name, address, home and work phone numbers, Driver license number, expiration date, the credit card that I use (type and last 4 digits), and birthdate. Everything you need to get a speedy reservation, so I'm sure you entered that info also. That REALLY makes me made, and you should be mad too!

I called the Emerald Reservations customer service number to complain and report the problem. The first CSR said she didn't think you could check your reservation from the site... I asked to talk to a manager because I considered this to be an important problem. Her supervisor came on the phone was suprised to hear the problem. She assured me that it would be reported and then assured me that it wasn't a big deal, the information couldn't be used to rent a car or charge merchandise. I talked to her for a long time and explained how worried I was and how mad I was that someone could have all the info I listed above. At the end of a long conversation, she is sending me a voucher for $10 that will get to me in 4 to 6 weeks, long after my vacation.

Now for the people who manage the site. They obviously did a great job closing this bug, because it doesn't happen anymore. Let me stress that this has been fixed. I also want to add that I wasn't "hacking" the National site. It just popped up on my screen, it was a bug in the site. I can just see them taking me to court for looking at other peoples reservations. I will say that I looked at an Emerald Club profile because the CSR assured me (yes, she insisted and I do have her name) that the Profile could not be retrieved. She was wrong. Am I wrong to think they could have done more than send me a $10 voucher AFTER my rental for use on a future rental?
 
If I were you I wouldn't really be interested in compensation. This bug isn't about that. It sounds like a major security issue, but NOTHING HAPPENED TO YOU!! I can't imagine that people working in a call center would be able to compensate you for something that didn't actually happen.

On the other hand, this is big potential problem for all of us who use the national website. If you are truly interested in making sure the problem is fixed, you (& the rest of us) may want to send an email to the webmaster. There is a link under "Contacts."

Thanks for letting us know!
 
Weinerdog,
Glad you alerted them, but, I think I would have tried to contact the Tech people before the Customer service people as they generally have no idea what is on a web site. Heck, they cannot even see what they have for internet specials.
As to the compensation, I would have been happy with a "thank you for alerting us to this problem". I was brought up to believe that a "thank you" was sufficient, and continue to believe that is enough.
What you did was great and thank you for taking the time to alert National and us.
 
No problem!

I was changing reservations during the time that this problem was occurring. That means that my information was exposed:

Last Name, First Name
Emerald Club Number
Home Phone
Work Phone
Home Street
City, State Zip

Drivers License Number
DL Expiration Date

Birthday
American AAdvantage Flyer number

My flight to Orlando
When I return

My first concern was obviously to get the problem fixed to keep this from happening to everyone else.

Gillian:
To say that nothing happened to us is wrong though... your information was exposed, unsecure, to the internet. You said nothing happened to me, but when do I know something HAS happened to me? When someone breaks into my house while I'm on vacation? When someone opens a credit card in my name? The act of exposing private customer information is what happened, so far. I guess it's just something that you can worry about or forget, and I'm not one to worry very long so I'm okay.

The rest is just personal opinion on how important you rate this problem. I'm very particular about my personal infomation on the internet and expecially about giving my vacation time and home address in the same place (you only have to be robbed once to understand this).

GAIL:
Again, it is just personal opinion, but when a company says "Sorry" and "thanks for letting us know, we'll get it fixed", it tells me they are worried about their business but not about individual customers. It's not ABOUT the compensation. A thank you was great from you and Gillian, you really don't have to thank me! I don't think a thank you is enough from a company that is being paid for a service and trusted with information.
 

Welcome WeinerDog.


I just went to the 'Change Reservation Screen' The following info is shown:

Name
EC#
Country of Residence
Rental Location/Dates/Car Class
Arrival Airline/Flight Number
Contract ID
Freq Flier Airline -NOT number
Special Eqiupment
Discount/Contract numbers
Business Acct and Billing Number (I assume for those large corporations that have direct billing)

No address/Phone/CC numbers are shown on this screen

You can not access credit card info by loging onto the site with only your EC# - you must enter a user ID and password.
 
Weinerdog,
Yes, I did feel the need to thank you, my information is out there also. I do appreciate your concern for others.
I really think that National cares for the individual customer as well as their business.
I just may be difficult to discern from our perspective.
In every orginazation there are those that don't know, don't care, or simply give the impression that they are doing you a favor. Unfortunately, it seems you ran into one of those with your call. Luckily, for all of us, you took it to a higher level. Like I said before, I would have simply called Tech support and let them know. Just a different approach.
Now that this is behind you, just let it go and enjoy the planning before the trip and definitely enjoy the vacation. :)
 
Same thing happened to me. I don't know what I did, but I saw a reservation for someone else. I had the ability to make changes to it very easily.

I think I was changing my current reservation which by the way is a nightmare. Whenever I made a change, the price would go up. I ended up starting from scratch. Make sure if you make a change that you still have Emerald Service.
 
Actually, you usually always have to start over or you get a horrible price. Don't accidentally make a change. I almost lost my rate when I added my Emerald Club number to my reservation. Luckily I caught it before I confirmed the change. I cancelled that reservation anyway because I was able to get the good rate on a new reservation, but included the Emerald Club number that time.

You should call and check your rate. The Change Reservation button was the place that the bug was located. When you clicked on that button to change your reservation, it gave you someone elses last name and reservation. If you just hit continue thinking that it was your name and reservation, you get taken to the other persons reservation. From there, the person would either hit the browser back button, hit cancel, or confirm the change just to get back to the previous screen. Unfortunately, if they hit confirm, it would probably change your rate to the higher rate. Oh well...
 
Brian,
I checked my account, and you are correct... now. The reservation page has not changed, but the Emerald Club login/password may have. With the last name and Emerald Club number, I was able to log into the profile of another customer (log into your account and check your "Profile" screen, that is what I had access to. I am NOT able to log into my account now with just my last name and Club number, I need my Login name nad password which has not been compromised.

I really do feel bad that I got access to this other customers profile. The CSR assured me that this information was inaccessible and I really didn't expect to be able to get it. I really don't want to call this person (then I would have to explain what happened), but I wrote him a letter and I'm going to send him my $10 voucher when I get it :) . Don't bother watching your mail, he wasn't a Disney vacationer so it isn't any of you!

Pluto4President, you have my vote, thanks for the welcome.
 
WienerDog -- Welcome to DIS! :)

Here are some suggestions I have for you! My DH and I are VERY careful with our information. The first thing I would do is call your credit card company and ask for a new number. It is (as far as I know...) free of charge and that will at least prevent anyone from using the one you had in the system. My DH and I regularly ask for new number from the credit card companies every few years. Once it has been in too many hands it is too dangerous.

Another suggestion, if you are worried that people will know that you are on vacation during that time frame now. Just take extra precautions to make it look like someone is at home. Our neighbors just went on vacation and they had another neighbor start parkingin the driveway during the week to make it look like there was someone home (the other neighbor is retired. :) ) You can put lights on timers, etc. And we just let our neighbors know that we are going to be gone and that no one should be over there. Other than that you are just going to have to have faith that it will be ok.

Finally another trick my DH uses when he gets nervous about his information, he will call places and ask them to remove his information from their database. He would rather have to type it all in each time than to have it there for hackers to get to. Maybe this suggestion could be made to the National tech support for thier web service. There are many pages out there that allow this option. My DH and I are both software engineers -- it is more work for them, but at least things like your credit card number and drivers license number could be cleared out each time if you like. I know they are going to have to keep something in there to know you are a member. :) I would try recommending it as an imporvement to their site.
 
PoohNPiglet,
Thanks for the suggestion. I am going to tie up my Dachshund in front of my house so it looks like we are there... Ohhhhh, that was just a joke, I love my doggy....

Actually, those are all good suggestions. For someone looking for a timer system, check out www.x10.com or www.homeautomation.com. You can get a pretty good setup for under $50. I run my timers all year round with security variations on the time (ie. you set a time for the lights to come on, but they system varies the actual time by up to 30 minutes so your lights don't com on EVERY night at exactly 7:00).
 
You must log in or register to reply here.


New Threads

S
Early entry question
Replies
2
Views
35
Dave006
D
S
Timing
Replies
1
Views
27
Disnsyncey
D
;-)
Narcooses vs California grill on July 4th
Replies
0
Views
19
;-)
;-)
Sandisw
  • Locked
New T & C regarding Personal Use
Replies
0
Views
69
Sandisw
Sandisw
Sandisw
  • Locked
New T & C Personal Use Information
Replies
0
Views
87
Sandisw
Sandisw
Sandisw
  • Locked
New T & C Regarding Personal Use...
Replies
0
Views
86
Sandisw
Sandisw
Minnesota!
  • Poll Poll
Stupid question, probably, but I cannot make a decision. Fly through STL or BNA?
Replies
4
Views
88
Minnesota!
Minnesota!
Sandisw
DVC T &C Personal Use - Only Thread to Discuss!
2 3 4
Replies
69
Views
949
Sandisw
Sandisw

NEWS & UPDATES
CAR SERVICE



New Posts










Save Up to 30% on Rooms at Walt Disney World!
Save up to 30% on rooms at select Disney Resorts Collection hotels when you stay 5 consecutive nights or longer in late summer and early fall. Plus, enjoy other savings for shorter stays.This offer is valid for stays most nights from August 1 to October 11, 2025.
CLICK HERE







New Posts

maui2k5
Unpopular opinion - Space Mountain needs a new track
Replies
18
Views
348
BrianL
BrianL
K
Does Mexico CS have real alcohol drinks? (not in cans)
Replies
13
Views
609
holden
H
Sandisw
DVC T &C Personal Use - Only Thread to Discuss!
2 3 4
Replies
69
Views
949
Sandisw
Sandisw
dreamer17555
What Is One Thing You Would Change About DCL?
14 15 16
Replies
300
Views
18K
RedHead0186
RedHead0186
J
Tip for VIP tour guide
Replies
19
Views
493
Minnie1222
Minnie1222
P
When a Parent Dies and Loser Siblings Come Looking for Money
2 3 4
Replies
63
Views
4K
tvguy
tvguy
lorimay
September 15th, 7 night Norwegian Fjords cruise is now discounted....
Replies
5
Views
782
Bad Pink Tink 2.0
Bad Pink Tink 2.0
C
Hotel further away - art shuttle
Replies
11
Views
455
pblack
pblack
mommytotwo
Word Association-One Word-Part 6
592 593 594
Replies
12K
Views
207K
HappyGal
HappyGal
mommytotwo
One Word Association-Part 2
661 662 663
Replies
13K
Views
247K
HappyGal
HappyGal
View more…






DIS Facebook DIS youtube DIS Instagram DIS Pinterest

Back
Top