Voltras International, a prominent online booking platform and GDS aggregator based in Indonesia, has allegedly been compromised. A threat actor is currently selling a 30GB database claimed to be the company’s internal archive for $4,500. Voltras International serves as a major hub for numerous travel agencies in Southeast Asia, maintaining direct connections with airlines such as Garuda Indonesia, Emirates, and Singapore Airlines. The breach purportedly affects the company’s internal operations, specifically involving transaction records and agency financial details.
According to the actor, the compromised archive spans from 2019 to 2025 and contains sensitive financial documents. The allegedly compromised data includes:
-
Weekly and monthly invoices from partners (e.g., Avia Tour) from 2019–2024, including official PDFs.
-
Excel files for Payment Reconciliations (Recon) for the years 2019 to 2025.
-
IATA ADM (Agency Debit Memo) documents from various airlines (Garuda, Emirates, Qatar, Turkish) containing penalty details and ticket numbers.
-
Internal reports from the Refund Team, including precise refund calculations for 2022–2025.
-
Domestic and international billings for 2024.
-
Complete lists of Payment Advice Reports (PAR) and agency financial reports.
-
Official PDF documents of paid and unpaid invoices from Voltras Travel.
