Nearly 60 employee computers were infected by malware, Ha said.
After analysing the hacking records, the National Intelligence Service (NIS) found that the malware codes were similar to those North Korean hackers have employed before, he added.
A Seoul Metro spokesman confirmed the hack, but stressed that computers used for the direct operation of subway lines were not compromised.
"There were data and information leaks, but none related to direct operations," the spokesman said.
"We still don`t know who was behind the attack," he added.
Seoul`s subway network is one of the busiest in the world, carrying around 5.25 million passengers a day.
South Korea has blamed North Korean hackers for a series of cyber attacks on military institutions, banks, government agencies, TV broadcasters and media websites in recent years.
Last December Seoul accused Pyongyang of launching a cyber attack on South Korea`s nuclear power plant operator. Pyongyang denied any involvement and accused Seoul of fabricating the incident.
South Korea has strengthened Internet security since it set up a special cyber command in 2010, amid growing concern over its vulnerability.
The South`s defence ministry believes North Korea runs an elite cyber warfare unit with up to 6,000 personnel, and regards its ability to launch hacking attacks as a major security threat.
More about: