Hackers Access Email Database of E-Signature Service Used by Insurance Industry

Electronic signature service DocuSign said on Tuesday hackers had temporarily gained access to a database containing customer emails, which the company linked to a surge in phishing emails sent to its users.

The company said the emails imitated the DocuSign brand to trick recipients into opening a Microsoft Word document containing malicious software.

DocuSign’s service is widely used by big bank and insurers for keeping track of financial transactions, with 12 of the top 15 U.S. financial services companies using the company’s software.

The privately held company, valued at about $3 billion, makes software to add legally compliant electronic signatures to documents.

DocuSign said only email addresses were accessed. Names, physical addresses, passwords, social security numbers or credit card data were not accessed, the company said on its website.

San Francisco-based DocuSign said earlier this month that it was tracking the malicious e-mail campaign.

DocuSign has about 200 million users and has been embraced as a quick and secure way to sign contracts and other official documents using a finger on a mobile device.

(The company is publishing updates on the situation on its blog.)

(Reporting by Narottam Medhora in Bengaluru; Editing by Saumya