The Lopesan group, Gran Canaria's main accommodation operator, is linked to a possible security breach that would have exposed 27,629 customer files. The affected records mainly correspond to guests of tourist resorts in Meloneras and Maspalomas.
The alert comes almost two years after the company itself acknowledged another security incident involving the extraction of personal information. The repetition of the problem now coincides with a potential exposure of very detailed data on stays, rooms, and services used by customers.
The alert of May 11, 2026 affected 27,629 files
The suspicious activity was detected on May 11, 2026, on international threat monitoring platforms. The evaluation systems assigned the incident an ESIX score of 5.04 points, a level considered to have a medium-high impact.
Among the compromised information are full names, email addresses, ages, stay dates, country of origin, assigned rooms, language preferences, and services used. The scope of these fields points to files linked to the ordinary operations of the tourist resorts.
In addition to the numerical dimension, the case mainly affects customers staying in Meloneras and Maspalomas, two of the areas with the highest hotel concentration in the south of Gran Canaria. The possible exposure reaches 27,629 guest records associated with the group's establishments.
The group already admitted another extraction of personal data in July 2024
In July 2024, Lopesan acknowledged a security incident that led to the extraction of personal information from customers of multiple group companies. That episode included a more sensitive volume of data in documentary terms.
At that time, the potentially compromised information included names, surnames, gender, date of birth, ID or passport number, email, phone number, signatures, and check-in and check-out records. The comparison with the current alert shows that the new episode also affects data related to the customer's stay at the accommodation.
It remains to be clarified whether the detected activity involved unauthorized access to central systems or if the exposure occurred at another point in the technological infrastructure. The current incident received an ESIX score of 5.04 points, placing the alert at a medium-high impact level.
The company foresees forensic analyses and technical audits to determine the real scope of the alert, clarify the origin of the possible intrusion, and confirm if there was undue access to central infrastructures.