Full reservation databases
Booking platform references (including HeyTripGo)
Payment Data
PDF files containing credit card numbers, expiration dates, and CVV codes
Scans of physical card images used in transactions
Names and billing addresses linked to cards
Full reports of transaction history
Partner comission data and invoice logs
ID Documents
Guest registration forms (with physical signatures)
Internal Communication
Booking confirmation exchanges with platforms (HeyTripGo, Agoda, etc.)

It was clearly observed that HeyTripGoXXXX does not encrypt or anonymize customer booking details, allowing direct exposure of
Raw redit card data
Customer personal details
Booking references traceable to their system