USPS Data Breach Timeline | PostalReporter.com

USPS Data Breach Timeline

As PostalReporter reported yesterday, Randy Miskanic, Vice President of Secure Digital Solutions, United States Postal Service, provided a detailed timeline of the USPS data breach in his written testimony to the Subcommittee on Federal Workforce, U.S. Postal Service and the Census of the House Committee on Oversight and Government Reform.

PostalReporter also provided a link to an earlier OIG report (August 26, 2014) on problems USPS experienced earlier this year with its hardware.

Here is a shorter version of the timeline provided by Randy Miskanic:

September 11, 2014, the U.S. Postal Service Office of Inspector General (USPS OIG) reported that they received information from the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) regarding four Postal Service servers that were sending unauthorized communication outside of the organization, indicating that these systems may have been compromised.

September 12 through September 16, the USPS OIG alerted the Postal Service's Corporate Information Security Officer (CISO) to the suspicious network activity. The CISO was advised that the investigation should remain confidential. The OIG told the USPS CISO not to scan, re-image, reset account passwords, take systems offline, or search IP addresses.

September 16 through September 19, USPS OIG agents, Postal Inspectors, and members of the CISO team performed forensic imaging and installed monitoring devices on servers suspected of being compromised. At this point, all that was known was that four servers were sending unauthorized communications.

September 19, the Postal Service CIO reported the suspicious network activity to the PMG. The PMG was also advised at that time that the cyber intrusion investigation was ongoing and that only the USPS OIG and USPIS should take action to mitigate the threat and that any premature action could further endanger the network. Subsequently, information regarding this incident remained highly confidential and restricted to only individuals directly involved with the investigation.

September 19 through October 2, USPS OIG agents and Postal Inspectors identified three Postal Service user accounts and an additional 29 servers with indicators of compromise. Data was submitted to the U.S. Department of Defense Cyber Crime Center for forensic analysis.

October 7, USPS OIG and USPIS team learned that a large data file had been copied and removed from the Postal Service network. This file, however, was encrypted, limiting the ability of the investigative team to identify the data contained within. It was suspected that the file was copied to another server outside of the USPS network that was being controlled by an adversary.
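The two findings above, four servers sending unauthorized communications outside the organization (September 11) and a large file copied to a server outside the network (October 7), are both things a defender can look for in outbound flow records. The following is an added example, not code from the article, the testimony, or USPS; the flow lines, the internal address ranges, the allowlisted destination, and the thresholds are all constructed for illustration. It flags internal hosts talking to external addresses that are not on an allowlist, then looks within those flows for near-constant connection intervals (the beaconing pattern a compromised server often shows) and for single flows large enough to suggest a bulk copy.

```python
"""Added example: outbound-flow review for servers talking outside the network.

Not from the PostalReporter article or USPS. All addresses, ranges,
timestamps and thresholds below are constructed assumptions.
"""
import ipaddress
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import median

Flow = namedtuple("Flow", "ts src dst dport proto nbytes")

# Assumed internal ranges (RFC 1918) and one assumed approved external host.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_EXTERNAL = {"203.0.113.10"}

# Constructed flow records: timestamp src dst dport proto bytes
SAMPLE_FLOWS = """\
2014-09-10T02:00:03 10.20.1.15 198.51.100.7 443 tcp 1440
2014-09-10T02:00:04 10.20.1.22 198.51.100.7 443 tcp 900
2014-09-10T02:00:06 10.20.1.22 198.51.100.7 443 tcp 880
2014-09-10T02:10:00 10.20.1.22 10.20.5.9 1433 tcp 12000
2014-09-10T02:30:00 10.20.1.15 203.0.113.10 443 tcp 5200
2014-09-10T03:00:05 10.20.1.15 198.51.100.7 443 tcp 1450
2014-09-10T04:00:01 10.20.1.15 198.51.100.7 443 tcp 1430
2014-09-10T05:00:04 10.20.1.15 198.51.100.7 443 tcp 1460
2014-09-10T09:12:00 10.20.1.30 192.0.2.44 8080 tcp 52000000
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into Flow tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst,
                          int(dport), proto, int(nbytes)))
    return flows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def unauthorized_outbound(flows, allowed=ALLOWED_EXTERNAL):
    """Internal source -> external destination, destination not allowlisted."""
    hits = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst) and f.dst not in allowed:
            hits[f.src].append(f)
    return dict(hits)


def regular_intervals(flows, min_count=4, max_jitter=30.0):
    """(src, dst) pairs whose connections recur at a near-constant interval.

    Returns the median gap in seconds for each pair that qualifies.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f.ts)
    found = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if all(abs(g - mid) <= max_jitter for g in gaps):
            found[pair] = mid
    return found


def bulk_transfers(flows, threshold=10_000_000):
    """Single flows moving at least `threshold` bytes (assumed cut-off)."""
    return [f for f in flows if f.nbytes >= threshold]


def report(text=SAMPLE_FLOWS):
    flows = parse_flows(text)
    unauth = unauthorized_outbound(flows)
    external_only = [f for fs in unauth.values() for f in fs]
    return {
        "suspect_hosts": sorted(unauth),
        "beacons": regular_intervals(external_only),
        "bulk": [(f.src, f.dst, f.nbytes) for f in bulk_transfers(external_only)],
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

On the constructed data, three hosts reach non-allowlisted external addresses; one of them connects to the same destination every hour to within a few seconds, and another moves 52 MB in a single flow. Neither pattern is proof of compromise on its own, which is consistent with the timeline above, where confirming what the encrypted file held took weeks of further forensic work; what the check gives the responder is a short list of servers to image and monitor first.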

October 10, the CIO informed the PMG that a large data file had been copied and removed from the Postal Service network.

October 11 through October 15, the ongoing investigation by USPS OIG agents and Postal Inspectors revealed that the adversary may have accessed and copied a Postal Service Human Resources file containing employee personally identifiable information (PII).

October 16, the PMG and postal leadership were advised by USPS OIG investigators of the suspected contents of the data breach file. The investigators cautioned, however, that further extensive and complex forensic analysis was necessary to determine if the file actually contained PII.

October 17, the FBI Cyber Unit provided a Top Secret/Sensitive Compartmented Information briefing to the Postal Service Incident Command leadership and advised that the adversary was very sophisticated and that implementing mitigation activities or communicating the threat to employees or the public at that point could result in the threat being further embedded into the Postal Service network.

October 20, the Incident Command staff provided a classified briefing to the White House Cyber Security Director and National Security Council staff.

October 22, the Deputy Postmaster General, U.S. Postal Service Inspector General, Chief Postal Inspector and I conducted separate classified briefings for House Oversight and Government Reform Committee and Senate Homeland Security and Governmental Affairs Committee staffs. The Committee staffs were informed of the current status of critical incident activities, the proposed plan to implement remediation within the Postal Service network, and the suspected compromise of employee PII data.

October 22, USPS OIG agents learned that forensically recovered employee data appeared to originate from the Postal Service Human Resources Shared Service Center; however, the contents of the encrypted files were still not known.

October 23, the MDCRP Communications Branch team began working with select internal Postal Service department representatives to develop action plans for communicating with stakeholders during a hypothetical incident in which employee PII was accessed by an external entity, while it was still unknown at that time whether employee PII had in fact been taken.

October 23, US-CERT officials also briefed postal leadership and Incident Command staff about the type of adversary likely responsible for the intrusion. The officials also reinforced FBI guidance regarding operational security practices, cautioning against public notice and mitigation actions being taken too soon.

October 26 through October 28, the investigative team confirmed that Postal Service employee PII was indeed compromised by the adversary. Review of additional forensic evidence indicated that files were extracted to a server outside of the Postal Service network, although the investigative team still did not know what, if any, files actually were stolen.

October 31, the investigative team identified a database backup that was determined to have 2.9 million customer complaints. The compromised customer data was limited to name, address, phone and email address information provided in the course of each customer complaint.

November 4, the investigative team—with the assistance of US-CERT—confirmed that Postal Service employee PII data was copied and stolen from the Postal Service network. The scope of the compromised data included names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact and other information.

November 5, the Postal Service received mitigation recommendations from US-CERT to successfully evict the adversary from the Postal Service network.

November 7, the Deputy Postmaster General, Chief Postal Inspector and Randy Miskanic conducted a joint briefing for House Oversight and Government Reform Committee and Senate Homeland Security and Governmental Affairs Committee staffs.

November 7, the Postal Service CIO organization activated a remediation plan developed with US-CERT guidance. Implementing the remediation plan elements required initiating an information systems network brownout period, which limited communications between the Postal Service network and the Internet.

November 8 – November 9, during the brownout period, virtual private network (VPN) connections were blocked and remote network access was denied. New network security safeguards were put into place over this two-day period.

November 10, USPS issued a statement on the data breach.