Those involved in Target's data breach in December reportedly used explicit access credentials in an unspecified product Information Week reported Thursday.
"We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system," Molly Snyder, spokeswoman at Target told Information Week in an e-mail.
"As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access," Synder said in the e-mail. "Since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues," Snyder said in the e-mail.
Seventy million credit and debit account numbers were taken from Target customers between Nov. 27, and Dec. 15, and were reportedly being used on new plastics according to information on Target's website.
The incident spanned the country in Target stores, and not online, and could have involved thieves fiddling with the machines customers utilize to slide their cards through while purchasing merchandise Bloomberg Businessweek reported.
An update from Target's website Dec. 20 said no pin information is believed to be obtained according to CNN Money. The security code on the cards plastic sticker near the card owner's signature on the underside of the card are also considered to be safe. The same is true for card user's social dates of birth, and social security number. Pins were then found to be taken, but not accessible Bloomberg reported.
Target gave a 10 percent discount to the customers affected by the crisis ABC News reported. The retailer announced it will take full responsibility for charges that come from the incidents Target said on its website. Affected customers will also get a year's worth of credit monitoring and identity theft protection to all consumers who purchased items from Target stores during the breach Target reported.
The retailer also warned about a fake e-mail scam, reminding customers that all official e-mails from Target corporate communications are posted on the company's website The Boston Globe reported.
