San Francisco-based DocuSign has alerted its customers that it has been the target of a phishing attack.
“We confirmed that a malicious third-party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via e-mail,” said the company in a message on its corporate blog. “A complete forensic analysis has confirmed that only e-mail addresses were accessed; no names, physical addresses, passwords, Social Security Numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
DocuSign stated that the phishing e-mails attempted to “trick recipients into opening an attached Word document that, when clicked, installs malicious software.” However, the company insisted that its eSignature service, envelopes and customer documents remained secure, although it is not clear what level of damage occurred as a result of this incident.