WASHINGTON — Attorney General Eric Holder Jr. told lawmakers Wednesday that the Justice Department will find the hackers who lifted 40 million debit and credit card numbers from Target customers.

Appearing before the Senate Judiciary Committee, Holder confirmed that his agency is investigating the holiday heist that exposed vulnerabilities in the nation’s credit card system. Target first acknowledged the involvement of the Justice Department in late December, a week after warning customers that their account data may have been nabbed.

Holder said the government is working to find not only the perpetrators, but also anyone who uses the stolen data for credit card fraud. Hackers also grabbed personal information, including names, home addresses and phone numbers, of up to an additional 70 million Target customers in that attack.

“The Department of Justice takes seriously reports of any data breach, particularly those involving personally identifiable or financial information, and looks into allegations that are brought to its attention,” he said.

The Secret Service has been assisting Target in the retailer’s investigation into the data breach, according to the company. The nation’s second largest retailer said it became aware of the cybersecurity attack Dec. 15. Target issued an apology and offered customers a free year of credit monitoring and identity theft protection.

Target confirmed Wednesday that its investigation has indicated that the hacker stole a vendor’s credentials to access its system.

In the ensuing weeks, luxury retailer Neiman Marcus revealed that 1.1 million of its customers had also been affected by a three-month data breach. The cyberattack has resulted in 2,400 cards being used in fraudulent transactions so far.

Security firm IntelCrawler identified a Russian teenager as the author of the malware that was probably used in the cyber attacks against Target and Neiman. The firm said it expects more retailers to announce that their systems were breached, as more than 60 versions of the malware have been sold to cyber criminals overseas.

Earlier this month, the FBI warned retailers of more attacks to come after discovering 20 breaches in the past year caused by the same malware that corrupted Target’s system.