tricountyhs.org Listed by incransom Ransomware Group
Flowers Early Learning (formerly known as Tri-County Head Start) is a non-profit 501(c)(3) organization providing free, high-quality early childhood education and family support services across Berrien, Cass, and Van Buren counties in Southwest Michigan. Funded by a federal grant through the Office of Head Start, the organization serves eligible families with children from birth to age five, as well as expectant mothers.
On July 1, 2026, the ransomware group Incransom added tricountyhs.org to its public leak site, confirming that it had exfiltrated internal files from Flowers Early Learning, the nonprofit formerly known as Tri-County Head Start that serves families across Berrien, Cass, and Van Buren counties in Southwest Michigan.
Confirmed Facts from Reporting
Public reporting indicates the organization suffered a ransomware attack in which attackers gained access to internal systems and removed files before encrypting data. The nonprofit provides federally funded early childhood education and family support services for children from birth to age five and expectant mothers. No exact number of affected individuals has been disclosed, and the precise volume or content of the stolen files remains unclear from available reporting. The listing appeared on the Incransom leak site with a disclosure reference tied to the domain tricountyhs.org.
Why This Matters for You and Your Family
When a local nonprofit that handles enrollment forms, health records, family addresses, and contact details for young children is breached, the information can directly affect the families it serves. Internal files often contain names, dates of birth, addresses, phone numbers, and sometimes Social Security numbers for both parents and children. Once that data leaves the organization’s control, it can be sold, traded, or used to target you with identity theft, phishing, or harassment. For families with young children, the exposure creates long-term risk because a child’s records stay valuable to criminals for decades.
The Doxxing and Identity-Chain Implications
Leaked internal files frequently link an email address or phone number to a child’s name, parent’s employer, home address, and even details about daily routines. Attackers and data brokers can chain these fragments together with information from other breaches to build a complete profile. A single credential leak from this incident can cascade into gaming account takeovers if children use the same email or password on Roblox, Minecraft, or other platforms. Those compromised game accounts then become entry points for further doxxing, harassment, or social engineering against the entire household.
Incransom’s Publicly Known Track Record
Public reporting attributes Incransom with emerging in late 2024 as a ransomware operation that combines encryption with data theft and extortion. The group has listed schools, healthcare providers, and small nonprofits among its prior victims. Its typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of sensitive files, deployment of ransomware, and later publication of samples on its leak site when victims do not pay. The group sets payment deadlines and gradually releases additional data to increase pressure.
What to do
- Run a DoxxScan to map every link between your family’s emails, phones, handles, and real identities so you can see exactly what this breach connects to.
- Rotate any password used at tricountyhs.org or Flowers Early Learning anywhere it is reused, and switch to 2FA through an authenticator app rather than text messages.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught in hours, not months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts which often chain back to the same leaked addresses and emails.
- Let remediation specialists handle takedown requests across data brokers and exposed profiles while you focus on securing accounts at home.
The incident shows how quickly a local nonprofit’s breach can reach your front door and your children’s online lives. Taking concrete steps now limits how far criminals can travel down the identity chain that begins with this leak. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to regain control of your family’s exposed information.
Related breaches
Aesthetic Surgical Images Listed by incransom Ransomware Group
Aesthetic Surgical Images, a plastic surgery practice based in Omaha, NE, has been serving patients …
samberger24.de Listed by incransom Ransomware Group
Samberger is a long-established medical supply store and sports and analysis center in Munich, offer…
tecnocurva.com.br Listed by incransom Ransomware Group
Company operating in the automotive sector. Heavy and agricultural segment. Forming of tubes and wel…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →