Cyber Incident Victim: Miracle-Ear
Date: Oct 2017
Location: United States of America
Summary
A hearing aid company experienced a security breach when an unauthorized intruder compromised an employee email account at its parent organization, potentially exposing excerpts from approximately 554 patient records. The intrusion was detected the following day, though investigators could not confirm whether the attacker accessed or exfiltrated the sensitive health information. The incident impacted administrative systems supporting subsidiary operations, involving personal details from customer accounts.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
On October 24, 2017, an unauthorized intruder compromised the email system of Amplifon, the parent company of hearing aid manufacturer Miracle-Ear, based in Plymouth. The breach specifically targeted an employee email account used for administrative and accounting functions supporting Miracle-Ear subsidiaries. The intrusion resulted in the exposure of excerpts from 554 patient records, though the exact nature of the compromised data elements was not publicly disclosed. Amplifon and Miracle-Ear personnel detected the security incident the following morning on October 25, confirming unauthorized access had occurred. Company officials acknowledged the breach in a December 29, 2017 statement but could not confirm whether the attacker had actually viewed or exfiltrated the patient records during their access period. No technical details regarding the intrusion method or duration of unauthorized access were provided in the public disclosure.

The organizations formally notified media outlets of the privacy breach via fax transmission on December 28, 2017, over two months after discovery. This notification timeline suggests internal investigations or forensic reviews occurred between October and December, though no specific containment measures or remediation actions were described in available reports. The incident exclusively affected Amplifon's email infrastructure supporting Miracle-Ear operations, with no indication of broader system compromises across either organization. Public reporting relied solely on the company's statement, which did not address whether affected patients received individual notifications or if regulatory agencies were informed. The StarTribune originally covered the breach, though its full report contains no additional verifiable details beyond the core facts acknowledged in Amplifon's disclosure.
