Quebec schools app leaks kids' data, sparking outrage

Published: 8 October 2025
Last updated: 8 December 2025
HopHop app data leak
Image by Cybernews

Hundreds of schools and daycares in Quebec used an app that exposed children's data, putting them at risk. And while fingers pointed in multiple directions, looking for someone to blame, schools continued to use the application despite the dangerous data leak.

Quebec has been caught in an ongoing scandal after it emerged that the HopHop app, used by hundreds of schools, was leaking children's data and was not approved or regulated by governmental institutions.

Launched in 2016, the HopHop app helps daycares and schools coordinate children’s pickup times with the arrival of parents or authorized adults. The estimated arrival time is either calculated via the smartphone’s GPS or entered manually.

ADVERTISEMENT

Radio-Canada first reported the vulnerability, which affects thousands of children in Quebec. The government has reportedly been aware of the problem for two weeks, auditing and shifting the blame to educational institutions, all while schools and daycares continued to use the unsafe app.

Worryingly, such a widely used app was not among the thirty digital tools approved by the Quebec Ministry of Education.

Hop-Hop data leak
Source: Cybernews

Cybernews obtained a letter sent to the affected parents on October 7th. It seems the company sent notification letters only after the leak was covered in the media.

The notice claimed that the company temporarily suspended access to its services and applications after receiving reports about the leaked data.

The company claimed to be collaborating with the Ministry of Cybersecurity and Digital Affairs to patch identified vulnerabilities.

According to the company, the incident happened between September 29th and October 7th. The affected data include:

  • Full names of children
  • Full names of parents/guardians
  • Photo of the child
  • Photo of the app user
  • Name of the school the child attends
ADVERTISEMENT

Farther uncovered the vulnerability

A security expert named Patrick Mathieu, whose children also attend school using the app, uncovered the data leak. The worried father was able to extract sensitive information about parents and children who use the HopHop app.

Even more worrying, his findings show that anyone had access to the button that notifies the school that the parent is on the way and that it is time to prepare the child to go home.

"Someone really malicious who sees a photo of a parent, tries to look like them, and then picks the child up from school, that could happen," Mathieu said to Radio-Canada.

HopHop app data leak
Presentation of the HopHop application. Photo: HopHop

"That's the worst-case scenario that could happen."

In the initial statement to Radio-Canada, the ministry claimed that childcare services are private entities and that it is therefore their responsibility to ensure the protection of personal information that they collect, hold, use, or communicate.

Cybernews has reached out to the company, but a response is yet to be received.

The government is finally taking action

According to Radio-Canada, two weeks after being warned of security issues involving personal information, the Quebec government has started asking daycares and schools to stop using the HopHop app.

ADVERTISEMENT

“It remains the responsibility of the school service center to ensure that when an application is favored by a daycare, CSS, for example, that it passes the necessary test provided for by law,” stated Minister Sonia LeBel to Radio-Canada.

“They have the tools to do so. If they need help, they know they can ask for help from the Ministry of Education or the Ministry of Cybersecurity and Digital Affairs to test these applications.

HopHop app
The HopHop app sends an alert to the daycare to indicate that a parent is on the way. Photo: Radio-Canada

Backlash from parents

As news of the HopHop data leak spread, parents on Reddit erupted in frustration, not just over the breach itself, but over the company’s handling of it.

“Why rely on a company for essential services like that?” one user asked, echoing the sentiment of frustrated parents.

For some, the breach hit especially hard because the app had genuinely made their lives easier.

“We’ve been using HopHop for years... I get to school, and the kids are ready to go. I must have saved a day of my life waiting in the school entrance,” one user said.

After the app went dark on October 7th, some parents complained about a lack of transparency.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us
ADVERTISEMENT

“Ok, but maybe sending an email would have been good,” another parent wrote.

“Now you're going to have tons of parents asking questions to their daycare services because they didn't follow the news today.”

Others expressed outrage that an app handling children’s personal data could have such critical vulnerabilities.

“It’s totally unacceptable that an app that doesn’t even seem to have had basic penetration testing and hasn’t been approved by the relevant ministries can be used in 500 schools and daycare centers in Quebec,” one furious parent wrote.

“Like, it’s f**** unacceptable. We’re talking about our kids’ personal information here.”

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT