Dear Customer,

We are writing to inform you that DocuSign has updated the subprocessor list for DocuSign Services.

We further wish to inform you that you may object to a subprocessor by submitting your objection by email to privacy@docusign.com with the subject line “Subprocessor Objection,” along with your name, your company’s name, name of the DocuSign service, the name of the subprocessor and grounds for objection.

Regards,

The DocuSign Privacy Team

The DocuSign CLM Technology Teams will be conducting necessary reporting maintenance.   

Planned Outage Date: Wednesday, March 22nd starting at 21:00 CT (Wed, March 23 02:00 UTC) to Wednesday, March 22nd at 23:00 CT (Wed, March 23 04:00 UTC). 

Impact: During this maintenance window reports may fail for some NA11 CLM customers.   

We apologize for any inconvenience during this time. Please reach out to DocuSign CLM Technical Support for any questions or concerns and check back here for updates regarding the schedule.

DocuSign has recently updated the Subprocessor List. To see relevant changes and access the updated list, please visit this page.

Should you have any questions, do not hesitate to contact us at privacy@docusign.com.

DocuSign has observed a new technical support impersonation themed phishing campaign through improper use of DocuSign. Report improper use of DocuSignaccounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign).

The envelopes are sent from a variety of senders and associated email addresses, many with the public outlook.com domain. Here are some examples of common email notification subject lines:

• MS Office 365

• Windows Defender purchased Order

• Order Successfully

• Complete with DocuSign: Bot Content (90).html

• Fire wall protection order successfully placed

NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to spam@docusign.com. 

As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All customers are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity. See the Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.

For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.

The new Connect certificates for AU, CA, and EU are now published. 

Please see the DocuSign Support Portal link here for further details on the new certificates and  “Force” scheduled date.

DocuSign has a new Status Page. Sign up to receive status alerts via email, text message, Slack and RSS feed about the health of our site and services.

At DocuSign, we work hard to ensure our services are available 24/7. Still, sometimes problems occur and our site or services go down. In the spirit of transparency and communication, our new Status Page, powered by an industry leading platform, sends you real time updates. Stay informed and make decisions based on current and accurate information–and be alerted the minute we are back up. Subscribe today and stay informed!

The new site SSL certificate for Demo, CA and EU is now published. Please see the DocuSign Support Portal here for further details on the new certificate and "Force" scheduled date.

DocuSign has observed a new phishing campaign in which malicious URLs are being hidden in fake/imitation DocuSign-themed emails.

The emails have been spoofed to appear to be sent from dse@docusign[.]net or dse@docusign[.]com. These emails did not originate from our legitimate DocuSign email servers. They contain the following subject line:

• “Re: Document to Sign and Complete”

The emails contain a link to a phishing page that is hosted on the following domain:

• hxxps://ipfs[.]fleek[.]co/ipfs/<ID of letters and numbers>/

DocuSign does not use this service. Please treat any DocuSign-themed emails with a link to “ipfs[.]fleek[.]co” as phishing.

Do not click on any email or attachment links from unknown or untrusted senders. All customers are reminded that they should continue their own due diligence and identify and report to DocuSign any suspicious emails using legitimate DocuSign accounts and technology (securityaccountabuse@docusign.com), as well as suspicious emails spoofing the DocuSign brand (spam@docusign.com). Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.

For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.

The DocuSign CLM, CLM.CM, and CLM Essentials January 23.1 product release will be released to the UAT environment on Thursday, December 8, 2022, between 8:00 PM and 11:00 PM, US Central Time. We do not anticipate any impact to platform availability or access during this time.

Announcements for this upcoming release can be found on the DocuSign Support Center. Please continue to check the Support Center for enhancements and fixes that will be posted before UAT deployment.

Please contact Technical Support if you have any questions.

Please see the DocuSign Support Portal, Connect Certificates page for further details on the new certificate "Offer" and “Force” scheduled date.