Please sign in to post.

Have you purchased a ticket for La Alhambra de Granada in the past two years?

... someone messed up big time and the financial data of 4.5 million visitors and over 1000 travel agencies have been exposed.

This has been all over the news today: https://www.elconfidencial.com/tecnologia/2019-05-22/alhambra-hiberus-sicomoro-patronato-generalife-junta-andalucia_2013846/

The software giant Hiberus, responsible for the software of the ticket sales of La Alhambra (and other clients) hasn't yet commented... but its website is today, suspiciously, offline "under maintenance". Its spin-off, Sicomoro, the one actually managing the sales, has simply stated that "any such error has been properly addressed and is currently no longer existing".

The new software, by which you can print a QRcode at home and save queuing at La Alhambra had been just launched last October: https://www.20minutos.es/noticia/3233634/0/nuevo-sistema-venta-entradas-alhambra-acaba-colas/

To my understanding, this does not affect any reservation you might have. However, if you purchased your ticket within this timeframe, it's worth notifying your bank you ccard "might have been" compromised, just in case.

Just sayin'.

Posted by
5503 posts

Awesome. Thanks for posting. Can you keep us updated with any new information? We would have purchased July of 2018. Oddly, it makes me less nervous about sending CC info thru email to reserve hotels in Europe. There is probably less exposure! NO, possible commenters, this is sarcasm. I am not recommending this mode of providing CC info, I use this method very rarely.

Posted by
7049 posts

Enric, if you only knew how many times our credit card and other personal info gets compromised here in the US, including by our own Federal government (Office of Personnel Management - 22 million or so records exposed), the largest aggregators of personal data (three credit rating agencies which collect financial data on millions), mundane retailers like Target, and let's not forget facebook (billions of users). No heads roll when there are massive breaches, and Congress is inept/ unwilling to doing anything meaningful about it. People have almost gotten immune to (yet) another new announcement of a data breach.

Let us know how Spain handles it with these vendors, I would be genuinely interested.

Posted by
2927 posts

Sadly, I would imagine there'll be much "sweeping under the carpet" -as it happens everywhere!-, fixing the code and business as usual. I would imagine insurers won't be happy and there'll be a bit of stormy days ahead in the press for these companies and its clients, but not much else. This is a bit laughable because we have the toughest data protection legislation in the world here in Europe (I mean, EU level) and ANY breach is punishable... however few cases reach the courts. If it were down to me I would issue heavy fines to any company, no matter the size, neglecting proper handling of personal information.

On the practical side, as a European customer, having your ccard data exposed, other than a bit of a nuisance for having to request and wait for a new card, it is not such a big deal since most banks include insurance against these sort of incidents. Also, note the way most EU countries' laws work, ID theft is a rather complex operation and requires far more data to be successful (ie. we often rely on national ID cards) and in many cases, one needs to show up in person for certain formalities anyway.

Funny thing this European Union deal... over 75% of the legislation at national level in all the 29 (soon to be 28) countries emanates these days from EU directives so, in principle, the law should be very similar everywhere (75% of the national laws that is). However, the EU parliament has no sovereignty over the national parliaments of the member states (sovereign countries), so they don't issue "laws" but "directives".

These directives are "compulsory" for all member states, but each one "transposes" them into the national body of laws according to their customs, own codes of practice and boundaries of their "constitutions" so, this is why sometimes certain laws, albeit sharing the spirit of the letter, vary "slightly" from one EU country to the next.

Welcome to the wonderful, messy yet thrilling, world of the European Union. In the text above you've already been introduced to some of the "Brussel's jargon".

Posted by
2417 posts

I keep hoping that the USA will join the first world nations someday on matters of technical communication and financial regulation and privacy, but alas we seem to be staggering in the opposite direction, towards banana dictatorships (or orange authoritarianism).

I purchased Alhambra tickets from an ATM machine several days ahead of time while in the foyer of a bank in Madrid -- the machine let people buy tickets to a wide range of events, like concerts and sports matches, and I marveled at how different systems could be integrated so conveniently. Of course this also means that the line at these kinds of machines moves a lot slower than the lines we're used to at ATMs in the US, where everyone's only decision is how many $20 bills to retrieve.

Posted by
10344 posts

Good reason to have a tour company like Viator (day trip from Sevilla) take care of all of that stuff.

Posted by
26829 posts

Huge cost difference there, Kent. Direct from the source the ticket costs only 14 euros, and you have a lot of flexibility about the timing of your visit. It's difficult to say for sure, but I think hotel rates may be lower in Granada than in Seville as well.

My data has been mishandled so many times that I don't think about it anymore.

Posted by
10344 posts

Not apples to apples comparison. Viator was a good value for us, b/c we were home basing in Sevilla, wanted to do it as a day trip, pick up and drop off at Seville hotel, you have two expert guides, no extra charge (included in tour fee) for transportation from hotel door to Alhambra entrance, no admission ticket costs, not having to provide the Granada your passport # (for their security requirements), etc.

Posted by
5503 posts

I don't like to give up control of my visit, especially something that I cared so much about, like the Alhambra. I know people like to do the day trips, but we spent 9 hours at the Alhambra, and enjoyed the views walking on the way there and back. We also meandered around the Sacramonte and San Nicholas viewpoint, for the Alhambra views and to take in the neighborhoods. A lot of this kind of thing is personal preference. Whether one wants control of their day and visit, how much time they are willing to spend in transit and how much money they want to shell out. I would go absolutely insane with regular tours dictating my schedule. Other people like to have all the details handled so they can sit back and relax. Good thing there are so many ways to travel! In terms of my personal data being compromised, it doesn't even phase me anymore. I follow up with the recommended precautions, act on anything troublesome and move on with my life. I have had all three of my credit cards for a long period of time, and I feel they do an excellent job picking up possible fraud. We used to have just one credit card, we picked up the other two for various reasons, and now I appreciate having more than one in case, I have a problem with an account and need to suspend it and wait for a new card.