Hackers stole credentials from a vendor to break into US retailer giant Target's systems and steal about 40 million debit and credit card numbers as well as information on another 70 million people, police have discovered.
Target spokeswoman Molly Snyder would not give further details, such as the vendor's identity or how the hackers stole the credentials because of the continuing investigation.
She said that since Minneapolis-based Target confirmed the breach on December 15, it had taken extra precautions such as limiting or updating access to some platforms.
Last week some card numbers of Target customers from South Texas turned up in the arrest of a pair of Mexican citizens at the US-Mexico border. But experts believe the attack's original perpetrators will be difficult to locate.