SAN FRANCISCO—Electronic signature service DocuSign said that hackers had temporarily gained access to a database containing customer emails, which the company linked to a surge in phishing emails sent to its users, Reuters reported.
The company said the emails imitated the DocuSign brand to trick recipients into opening a Microsoft Word document containing malicious software.
Many banks and credit unions use DocuSign's electronic signatures service for financial transactions, with 12 of the top 15 U.S. financial services companies using the company's software, Reuters noted.
DocuSign said only email addresses were accessed. Names, physical addresses, passwords, social security numbers or credit card data were not accessed, the company said, according to Reuters.
Following the news of the DocuSign breach, NAFCU president and CEO Dan Berger said, "These dangerous data security breaches will continue to put consumers at risk until Congress acts by instituting a strong national data security standard for retailers.Credit unions have been steadfast in protecting their members' information, but credit unions cannot control the lax security of the retailers their members use. After each breach, retailers pass the costs off to consumers and their financial institutions.
"It is essential that lawmakers hold retailers to the same strict data security standards credit unions already follow under the Gramm-Leach Bliley Act," Berger continued. "As NAFCU testified before the House Small Business Committee this March, the best way to address data breaches is to create a comprehensive regulatory strategy for industries that are not already subject to oversight. We need all those involved in the payments chain to take seriously their responsibility for protecting consumer data."
Electronic signature service DocuSign said that hackers had temporarily gained access to a database containing customer emails, which the company linked to a surge in phishing emails sent to its users, Reuters reported.