Target hackers stole access from vendor, company says

Target hackers stole credentials from one of the retailers' vendors to access its systems and pilfer customer information. The retailer wouldn't say which vendor was affected by the Target hackers. 

A passer-by walks near an entrance to a Target retail store in Watertown, Mass. Target hackers gained access to the retailer's systems by stealing credentials from a vendor, the company said Wednesday, Jan. 29, 2014.

Steven Senne/AP/File

January 30, 2014

Target said Wednesday that investigators have found that hackers stole credentials from a vendor to access the retailer's systems and pilfer about 40 million debit and credit card numbers as well as personal information for another 70 million people.

Spokeswoman Molly Snyder declined to comment on further details, such as the vendor's identity or how the Target hackers stole the credentials, citing the ongoing nature of the investigation.

Snyder did say that since Minneapolis-based Target Corp. confirmed the breach on Dec. 15, it has taken extra precautions such as limiting or updating access to some platforms.

My muddle to mediocrity: When good enough is good enough

Last week, some card numbers of Target customers from South Texas turned up in the arrest of a pair of Mexican citizens at the U.S.-Mexico border. But experts believe the attack's original perpetrators will be difficult to locate.

Earlier Wednesday, Attorney General Eric Holder said the Justice Department is committed to tracking down the thieves.

In an appearance before the Senate Judiciary Committee, Holder said that the government also will hunt down any people and groups that exploit the stolen data through credit card fraud.

Target says it is working with the Secret Service and the Justice Department in response to the data breach.