Target said Wednesday that the cyber criminals who breached its system used credentials they stole from one of the retailer's vendors.
"The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Target spokeswoman Molly Snyder said in a statement.
She declined to elaborate on what type of credentials were taken from the vendor.
Meanwhile, the Justice Department is investigating the hacking, Attorney General Eric Holder said Wednesday.
Testifying at a U.S. Senate hearing, Holder said the department will seek not only to find the perpetrators of the breach but also "any individuals and groups who exploit that data via credit card fraud."
Target has said a breach of its networks during the busy holiday shopping period resulted in the theft of about 40 million credit and debit card records and 70 million other records with customer information such as addresses and telephone numbers.
The Secret Service usually takes the lead in credit card breach investigations for the federal government.
In his statement to senators, Holder said the department took reports of data breaches seriously.
"While we generally do not discuss specific matters under investigation, I can confirm the department is investigating the breach involving the U.S. retailer, Target," he said.
Reuters reported Jan. 23 that the FBI has warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target.