. The data breachAttack.Databreachhappened at one DocuSign computer system location and has since been contained . While short-lived , the malware was able to obtainAttack.Databreachmany customer and user emails from the DocuSign database . Fortunately , the breachAttack.Databreachwas limited to email addresses ; no documents or further customer information was accessedAttack.Databreachin the attackAttack.Databreach. The attackers have begun sending outAttack.Phishingmalicious emails with the company ’ s branding to DocuSign customers and users . In an alert on the DocuSign website , the company shared that it is tracking these emails which carry a downloadable Microsoft Word document harboring malware to attack the user ’ s system . The email subject line has been known to read : “ Completed : docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature. ” How to protect yourself If you are not expecting an email via DocuSign , do not click on the link . If you are expecting a document , but are unsure of the source , you can access your document directly by visiting docusign.com . Every legitimate DocuSign email has a code which the user can enter on the website to access their document . DocuSign has asked that people forward suspicious emails to spam @ docusign.com then delete the email from their inboxes . It is important to remember that DocuSign will never request a customer or user to open a PDF , Microsoft Office document or ZIP file in an email .