Senate investigators accused Target on Tuesday of making serious missteps that allowed hackers to steal millions of credit card numbers from its system.
Target "missed a number of opportunities"¦ to stop the attackers and prevent the massive data breach," the Senate Commerce Committee aides wrote in a report.
The findings could expose Target to a lawsuit from the Federal Trade Commission, which has sued dozens of companies in recent years for failing to adequately protect customer data from hackers.
Molly Snyder, a Target spokeswoman, said the company's investigation is ongoing.
"With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different," she said.
The hackers stole credit card numbers for as many as 40 million Target customers between Nov. 27 and Dec. 15 of last year, according to the retailer. The hackers obtained other personal information such as names and addresses for another estimated 70 million customers.
The report comes ahead of Wednesday's Senate Commerce Committee hearing which will feature testimony from John Mulligan, Target's chief financial officer, and FTC Chairwoman Edith Ramirez.
The report details how the hackers breached Target's system and identifies numerous points where Target could have prevent the theft of its customers' data.