DocuSign’s customer email database accessed by hackers after phishing scam

(Reuters) — Electronic signature service DocuSign said on Tuesday hackers had temporarily gained access to a database containing customer emails following a surge in phishing emails sent to its users.

The company, which has about 200 million users, said the emails imitated the DocuSign brand to trick recipients into opening a Microsoft Word document containing malicious software.

The breach comes amid heightened concerns over the security of computer networks around the world, after the WannaCry “ransomware” cyber attack infected more than 300,000 computers in 150 countries since Friday.

DocuSign’s service is widely used by big banks and insurers for keeping track of financial transactions, with 12 of the top 15 U.S. financial services companies using the company’s software.

The privately held company, which makes software to add legally compliant electronic signatures to documents, said only email addresses were accessed.

Names, physical addresses, passwords, social security numbers or credit card data were not accessed, DocuSign said on its website.

The San Francisco-based company did not immediately respond to a request for additional details.

DocuSign, which had been tracking the malicious e-mail campaign, said it introduced new security measures to prevent further breaches and was working with law enforcement agencies.

DocuSign, which counts skateboard legend Tony Hawk and actor Jared Leto among its investors and is worth about $3 billion, has been embraced as a quick and secure way to sign contracts and other official documents using a finger on a mobile device.

DocuSign is widely expected to file for an initial public offering for this year. It hired Dan Springer, who has experience taking companies public, as chief executive in January.

(Reporting by Narottam Medhora in Bengaluru; Editing by Saumyadeb Chakrabarty)