NEW YORK (TheStreet) -- Target's (TGT) security data breach that compromised more than 40 million customer credit and debit cards and stole personal information for as much as 70 million customers may have come from a vendor.
"We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system," Target spokeswoman Molly Snyder confirmed to TheStreet in an email on Thursday.
"As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access," Snyder added. "In addition, since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues."
The information comes after U.S. Attorney General Eric Holder confirmed in testified comments on Wednesday that the Department of Justice was looking into last month's security breach at the big box retailer.Target shares are down 10% this year, compared to the S&P 500 which is down 4%. Target's stock was downgraded to "underperform" from "market perform" by Cowen & Co. on Thursday. TGT data by YCharts
-- Written by Laurie Kulikowski in New York. Follow @LKulikowski
Select the service that is right for you!COMPARE ALL SERVICES
- $2.5+ million portfolio
- Large-cap and dividend focus
- Intraday trade alerts from Cramer
- Weekly roundups
Access the tool that DOMINATES the Russell 2000 and the S&P 500.
- Buy, hold, or sell recommendations for over 4,300 stocks
- Unlimited research reports on your favorite stocks
- A custom stock screener
- Upgrade/downgrade alerts
- Diversified model portfolio of dividend stocks
- Alerts when market news affect the portfolio
- Bi-weekly updates with exact steps to take - BUY, HOLD, SELL
- Real Money + Doug Kass Plus 15 more Wall Street Pros
- Intraday commentary & news
- Ultra-actionable trading ideas
- 100+ monthly options trading ideas
- Actionable options commentary & news
- Real-time trading community
- Options TV