The massive hack that hit Target in the weeks before Christmas 2013 would not have been possible without the theft of a vendor’s credentials, Reuters reported. “The ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials, which were used to access our system,” Target spokeswoman Molly Snyder said, without revealing what was taken.

Following the theft, hackers managed to compromise Target’s point of sale (POS) systems, taking more than 40 million credit and debit cards, including encrypted PINs, and personal information for more than 70 million Target customers. The hackers used a malware program that was difficult to detect, which is believed to have also been used in a similar fashion against Neiman Marcus and other undisclosed businesses. The FBI has recently issued a note to retailers, warning that such attacks may be performed in the future as well, so it looks like these attacks are part of a coordinated assault.

The attack may have originated from Eastern Europe, or at least the malware program used was traced back to hackers from the region, although it’s still not known who was behind the Target hack.

Meanwhile, Attorney General Eric Holder on Wednesday confirmed that federal authorities are investigating the data breach at Target, without offering specific details regarding the course of the investigation, USA Today reports.

“The Department of Justice takes seriously reports of any data breach, particularly those involving personally identifiable or financial information, and looks into allegations that are brought to its attention,” Holder told the Senate Judiciary Committee. “While we generally do not discuss specific matters under investigation, I can confirm the department is investigating the breach involving the U.S. retailer, Target. And we are committed to working to find not only the perpetrators of these sorts of data breaches – but also any individuals and groups who exploit that data via credit card fraud.”