Stolen vendor credentials were used in the giant breach of Target's systems late last year, the retailer said Wednesday.
Since discovering the breach, "we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues," Target spokeswoman Molly Snyder said.
The news adds details about the cause of the Target (TGT) hack, which remains under investigation. It could be the largest breach in U.S. retail history.
The holiday shopping season breach affected up to 110 million customers, including 40 million credit and debit cards and up to 70 million customers' personal information.
The discount retailer discovered the breach in mid-December, notified customers several days later, and launched an investigation with the help of a private security firm and law enforcement.
Related: Target hack: Tips for all customers
Attorney General Eric Holder spoke about the federal investigation at a Senate hearing on Wednesday.
"The Department of Justice takes very seriously reports of any data breach, particularly those involving personally identifiable or financial information, and looks into allegations that are brought to its attention," he said. "And we are committed to working to find not only the perpetrators of these sorts of data breaches, but also any individuals and groups who exploit that data via credit card fraud."
Since Target's disclosure, high-end retailer Neiman Marcus announced over 1 million customer cards were compromised in a breach last summer. Over the weekend, crafts retailer Michaels said its systems may have been breached.
It isn't immediately clear if these possible attacks were related. Security experts have warned it is likely other companies were targeted by the hackers who hit Target.