The attack, staged between March and August 2014, affected several servers of Seoul Metro, which runs four major subway lines, ruling party legislator Ha Tae-Kyung said.
Nearly 60 employee computers were infected by malware, Ha said.
After analysing the hacking records, the National Intelligence Service (NIS) found that the malware codes were similar to those North Korean hackers have employed before, he added.
A Seoul Metro spokesman confirmed the hack, but stressed that computers used for the direct operation of subway lines were not compromised.
"There were data and information leaks, but none related to direct operations," the spokesman said.
"We still don't know who was behind the attack," he added.
Seoul's subway network is one of the busiest in the world, carrying around 5.25 million passengers a day.
South Korea has blamed North Korean hackers for a series of cyber attacks on military institutions, banks, government agencies, TV broadcasters and media websites in recent years.
Last December Seoul accused Pyongyang of launching a cyber attack on South Korea's nuclear power plant operator. Pyongyang denied any involvement and accused Seoul of fabricating the incident.
South Korea has strengthened Internet security since it set up a special cyber command in 2010, amid growing concern over its vulnerability.
The South's defence ministry believes North Korea runs an elite cyber warfare unit with up to 6,000 personnel, and regards its ability to launch hacking attacks as a major security threat.
Follow NDTV for latest election news and live coverage of assembly elections 2019 in Maharashtra and Haryana.
Subscribe to our YouTube channel, like us on Facebook or follow us on Twitter and Instagram for latest news and live news updates.