DocuSign Suffers Data Breach, Customers Targeted With Phishing Emails


DocuSign has warned users to immediately delete any unexpected communications

Digital signature firm DocuSign has confirmed that it suffered a data breach which has resulted in many of its users being targeted by a phishing campaign.

Hackers managed to access a private database and gain access to the email addresses of DocuSign customers, which have since been used to send emails containing a malicious Word document. If opened, the attachment installs malware on the user’s device.

The company has assured users that names, physical addresses, passwords, social security numbers and credit card data were not accessed.


Data breach

The phishing emails were designed to trick users into opening the malicious attachment and were made to look like legitimate company communications.

There are two different versions in circulation, one with the subject heading “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and another which reads “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.

DocuSign has warned users that “these emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam” and says recipients should forward such emails to ‘’ before deleting them completely.

In a post on its Trust Center site, DocuSign says: “Today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed.

“We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies.”

The San Francisco-based firm recently opened a cyber security centre in Dublin to research ways to strengthen the protection of its e-signature and digital transaction management platforms but, as has become abundantly clear, no organisation is safe from cyber criminals.

The security world is still reeling from the weekend’s ‘WannaCry’ ransomware attacks which started by targeting NHS Trusts in London on Friday and quickly spread to over 100 countries around the world.

Several security researchers have since linked the outbreak to a North Korean hacking group and organisations should be braced for a second wave of attacks.

Do you know all about security in 2017? Try our quiz!