Investigators have discovered that hackers stole credentials from a vendor to access Target's systems.
The Star Tribune reports Target spokeswoman Molly Snyder would not give details on the vendor's identity or how the hackers stole the credentials.
According to the newspaper, Snyder said since Target discovered the breach on Dec. 15, it has taken extra precautions to limit and update access to some platforms.
More credit and debit card information from the breach continues to flood the black market.
Security expert Brian Krebs said millions of card numbers stolen from Target shoppers are being bought and sold in online "card shops," according to the Pioneer Press.
The newspaper reports that Krebs said Wednesday the "card shops" – which sell the stolen card data to thieves worldwide – are still posting huge batches of credit and debit cards that can be traced back to the Target breach.
About 40 million Target customers had their credit and debit card information stolen during the holiday shopping season data heist. Hackers also swiped personal information including email addresses, phone numbers, names and home addresses for another 70 million..
The Pioneer Press reports a growing number of banks are reissuing new cards instead of advising customers to monitor their statements and report any fraud, so far around 15.3 million cards have now been reissued.
Also Wednesday, Attorney General Eric Holder said the Justice Department is committed to tracking down the thieves responsible for stealing information from millions of Target customers.
The Associated Press reports Holder said, before the Senate Judiciary Committee, the government will also hunt down any people and groups that exploit the stolen data through credit card fraud.
On his blog, Krebs said an examination of the malware used in the Target breach suggests attackers may have had help from a poorly secured feature built into a widely-used IT management software product that was running on the retailer's internal network.
Target said it is working with the Secret Service and the Justice Department in response to the breach.