Electronic signature service provider DocuSign has admitted customer email addresses were accessed in a data breach.
The addresses were then targeted in a series of phishing emails from “a malicious third party”.
The messages invited recipients to click on a link to a Microsoft Word document containing malware.
DocuSign says that no other information was accessed in the incident, and the e-signature service remained secure.
“No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed,” the company said in a statement.
“DocuSign’s core e-signature service, envelopes and customer documents and data remain secure.”