Target traces data breach to credentials stolen from vendor

Target Corp. said cyberthieves stole credentials from one of the retailer’s vendors in order to access its system, according to an ongoing forensic investigation into a data breach that may have exposed information from as many as 110 million customers.

The company said that since disclosing the hack Dec. 15, it cleared its system of the malware that had been planted.

“In addition, since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues,” Target spokeswoman Molly Snyder said in a statement Wednesday.

The Minneapolis retailer said that crooks accessed the payment card information of as many as 40 million customers over a two-week span during the holiday shopping rush. The company later said that personal information, including home and email addresses and names, from as many as 70 million other customers may have been stolen as well.

On Wednesday, Atty. Gen. Eric H. Holder Jr. said in a Senate Judiciary Committee hearing that the Justice Department is looking into the theft.

“We are committed to working to find not only the perpetrators of these sorts of data breaches but also any individuals and groups who exploit that data via credit card fraud,” Holder said.

The department “takes very seriously reports of any data breach, particularly those involving personally identifiable or financial information,” he said.

ALSO:

2 arrested in connection with Target hack

Target to drop health policies for part-timers

Justice Department working to nab Target data thieves, Holder says