Watch What You Click (Again!): DocuSign Confirms Data Breach Incident
Well-known and very popular digital signature service DocuSign acknowledged a data breach incident in which a large number of customer email addresses were stolen. The company announced on its website that the data stolen was limited to customer email addresses and that "no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed." Customers were reportedly seeing increased phishing emails "spoofing" the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.
Among other security protocols, the company recommends deleting any emails with the subject line:
- Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature;
- Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature; or
- Legal acknowledgement for [person] Document is Ready for Signature.
While everyone should always be wary of what they click, users who may already be expecting to click on links in emails from DocuSign should be especially careful.
Ready to proactively develop and implement a data breach response plan? At Selman, our team of experienced attorneys stands ready to assist you in developing appropriate plans and information-security practices. View more information on our Cyber Law practice page.