Full reservation databases Booking platform references (including HeyTripGo) Payment Data PDF files containing credit card numbers, expiration dates, and CVV codes Scans of physical card images used in transactions Names and billing addresses linked to cards Full reports of transaction history Partner comission data and invoice logs ID Documents Guest registration forms (with physical signatures) Internal Communication Booking confirmation exchanges with platforms (HeyTripGo, Agoda, etc.) It was clearly observed that HeyTripGoXXXX does not encrypt or anonymize customer booking details, allowing direct exposure of Raw redit card data Customer personal details Booking references traceable to their system