(Reuters) — U.S. Attorney General Eric Holder confirmed on Wednesday that the U.S. Department of Justice was investigating the massive hacking of consumer data from retailer Target Corp. during the holiday shopping season.
Testifying at a U.S. Senate hearing, Mr. Holder said the department would seek not only to find the perpetrators of the breach, but also "any individuals and groups who exploit that data via credit card fraud."
Target has said a breach of its networks resulted in the theft of about 40 million credit and debit card records and 70 million other records with customer information such as addresses and telephone numbers.
The United States Secret Service usually takes the lead in credit card breach investigations for the federal government.
In his statement to senators, Mr. Holder said the department took reports of data breaches seriously.
"While we generally do not discuss specific matters under investigation, I can confirm the Department is investigating the breach involving the U.S. retailer, Target," he said.
Reuters reported on Jan. 23 that the U.S. Federal Bureau of Investigation had warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases over the past year that involved the same kind of malicious software used against Target during the holiday shopping season.
Separately on Wednesday, U.S. Democratic lawmakers asked Neiman Marcus for information and documents relating to the upscale retailer's recent cyber security breach that involved customer data.
Earlier this month, Neiman Marcus said about 1.1 million customer payment cards may have been affected in a breach last year.
Democrats on the House Energy and Commerce Committee wrote to Neiman Marcus's chief executive, Karen Katz, seeking more details so they could "fully understand ... how this theft of confidential customer information occurred."
The committee is expected to hold a hearing on the data breaches in early February.
The lawmakers also asked Target executives last week for more documents in the wake of the massive data breach in November and December.