Stolen vendor credentials were used in the giant breach of Target's systems late last year, the retailer said Wednesday.
Since discovering the breach, "we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues," Target spokeswoman Molly Snyder said.
The news adds details about the cause of the Target ( hack, which remains under investigation. It could be the )largest breach in U.S. retail history.
The discount retailer discovered the breach in mid-December, notified customers several days later, and launched an investigation with the help of a private security firm and law enforcement.
Attorney General Eric Holder spoke about the federal investigation at a Senate hearing on Wednesday.
"The Department of Justice takes very seriously reports of any data breach, particularly those involving personally identifiable or financial information, and looks into allegations that are brought to its attention," he said. "And we are committed to working to find not only the perpetrators of these sorts of data breaches, but also any individuals and groups who exploit that data via credit card fraud."
Since Target's disclosure, high-end retailer Neiman Marcus announced over 1 million customer cards were compromised in a breach last summer. Over the weekend, crafts retailer Michaels said its systems may have been breached.