DocuSign says that a third party has stolen more than 100 million email addresses from their system. They say that no names, physical addresses, passwords, social security numbers, credit card data or other information including documents were accessed.
DocuSign recommends these steps:
Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.