SalesLoft Drift Incident Update

Docusign was notified, alongside other Salesloft Drift customers, that we were affected by their recent security incident. The incident resulted in limited, unauthorized access to our Salesforce CRM, which contains a narrow set of Docusign business records and other business-related information. 

Notably, Drift is not used in any products Docusign offers to our customers. At this time, we have no indication that any Docusign services — or related data such as contracts or signatures — were accessed or affected. 

Our investigations to date have shown that the affected information was generally already publicly available or of similarly low sensitivity, such as a limited dataset of names,  company names, contact email addresses, zip codes, or masked payment card numbers.

We have disconnected Drift from Docusign’s business systems (including Salesforce) and have rotated any potentially impacted tokens and credentials.

The security of our customers’ data is one of our top priorities. Docusign customers can contact trustcenter@docusign.com for any inquiries relating to this alert.