View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
May 16, 2017updated 19 May 2017 5:06pm

DocuSign data breach: customer emails stolen in phishing attack

The phishing campaign saw emails spoof the DocuSign brand.

By Ellie Burns

One of the most popular digital signature services, DocuSign, has fallen victim to a phishing campaign which compromised a database of customer email addresses.

The company has confirmed the data breach after tracking the phishing campaign on May 9. In a statement, the company said:

“Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.”

docusign data breach

DocuSign confirmed that a malicious third party gained access to a “separate, non-core system that allows us to communicate service-related announcements to users via email.” In attempts to reassure customers, the eSignature firm stated that only email addresses had been accessed and no names, addresses, passwords, social security numbers, or credit card data had been compromised.

“Malicious email attachments are a critical threat as they can easily bypass traditional defences as part of sophisticated spear-phishing attacks,” said Steven Malone from Minecast.

READ MORE: DocuSign CEO: New chief Daniel Springer talks innovation, success as a public company and making paper obsolete with CBR

“All DocuSign customers need to educate users to be extra vigilant when opening any documents purporting to be from their service. Verify with the sender before opening any documents or clicking on any links. Criminals will try all manner of ways to trick employees into enabling macros in weaponized email attachments.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The company has since put further security controls in place and is currently working with law enforcement agencies to investigate the breach. The company has also advised customers to delete any emails with the subject line as follows:

“Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.