Target Corp. said cyberthieves stole credentials from one of the retailer’s vendors in order to access its system, according to an ongoing forensic investigation into a data breach that may have exposed the personal information of as many as 110 million customers.
The company said that since disclosing the hack Dec. 15, it cleared its system of the malware that had been planted.
“In addition, since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues,” Target spokeswoman Molly Snyder said in a statement Wednesday.
The Minneapolis retailer said that crooks accessed the payment card information of as many as 40 million customers over a two-week span during the holiday shopping rush. The company later said that information including names and home and email addresses from as many as 70 million customers may have been stolen as well.
On Wednesday, U.S. Attorney General Eric H. Holder Jr. said in a Senate Judiciary Committee hearing that the Justice Department is looking into the theft.
“We are committed to working to find not only the perpetrators of these sorts of data breaches but also any individuals and groups who exploit that data via credit card fraud,” Holder said.
The department “takes very seriously reports of any data breach, particularly those involving personally identifiable or financial information,” he said.