Target said Wednesday that the cyber criminals who breached its system used credentials they stole from one of the retailer's vendors.
"The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Target spokeswoman Molly Snyder said in a statement.
She declined to elaborate on what type of credentials were taken from the vendor.
Meanwhile, the Justice Department is investigating the hacking incident, Attorney General Eric Holder said Wednesday.
Testifying at a U.S. Senate hearing, Holder said the department will seek not only to find the perpetrators of the breach but also "any individuals and groups who exploit that data via credit card fraud."
Target has said a breach of its networks during the busy holiday shopping period resulted in the theft of about 40 million credit and debit card records and 70 million other records with customer information such as addresses and telephone numbers.
The Secret Service usually takes the lead in credit card breach investigations for the federal government.
In his statement to senators, Holder said the department took reports of data breaches seriously.