Ransomware victim disclosure
← All victimsFlowers Early Learning
listed as tricountyhs.org · Claimed by Incransom · listed 1 day ago
Status timeline
- ListedJul 2, 2026
- Data leakeddate unknown
At a glance
- Group
- Incransom
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Jul 2, 2026
About the victim
AI dossier — public-source company profileFlowers Early Learning (formerly Tri-County Head Start) is a non-profit 501(c)(3) organization providing free early childhood education and family support services to eligible families with children from birth to age five across three counties in Southwest Michigan. The organization is federally funded through the Office of Head Start.
- Industry
- Early Childhood Education & Family Support Services
- Address
- Southwest Michigan (Berrien, Cass, and Van Buren counties)
Attack summary
Severity: low — Post is a listing/announcement only with no proof files, no specifics on data exfiltration or encryption, and no operational impact stated. The leak post does not detail what was actually compromised.The incransom group claims to have conducted an attack on Flowers Early Learning, but the leak post provides no details regarding what data was compromised, whether exfiltration occurred, encryption was deployed, or what sensitive information is at stake.
What the group claims
Flowers Early Learning (formerly known as Tri-County Head Start) is a non-profit 501(c)(3) organization providing free, high-quality early childhood education and family support services across Berrien, Cass, and Van Buren counties in Southwest Michigan. Funded by a federal grant through the Office of Head Start, the organization serves eligible families with children from birth to age five, as well as expectant mothers.
Sources
Source
Indexed 1 day agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

