"The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Target spokeswoman Molly Snyder said in a statement.
She declined to elaborate on what type of credentials were taken from the vendor.
(Reporting by Jim Finkle. Editing by Andre Grenon)