Target's Security Breach May Have Come From Vendor

NEW YORK (TheStreet) -- Target's (TGT) security data breach that compromised more than 40 million customer credit and debit cards and stole personal information for as much as 70 million customers may have come from a vendor.

"We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system," Target spokeswoman Molly Snyder confirmed to TheStreet in an email on Thursday.

"As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access," Snyder added. "In addition, since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues."

The information comes after U.S. Attorney General Eric Holder confirmed in testified comments on Wednesday that the Department of Justice was looking into last month's security breach at the big box retailer.

Target shares are down 10% this year, compared to the S&P 500 which is down 4%.

Target's stock was downgraded to "underperform" from "market perform" by Cowen & Co. on Thursday.

TGT Chart TGT data by YCharts

-- Written by Laurie Kulikowski in New York.

Disclosure: TheStreet's editorial policy prohibits staff editors, reporters and analysts from holding positions in any individual stocks.

If you liked this article you might like

Toys 'R' Us Store Employees Set for Higher Wages Despite Bankruptcy

Target Expands Next-Day Delivery Program

Target Is Taking on the Big Guys

Cramer: Dominoes Are in Play Today