Although the hackers could have accessed information on nearly 1 million students through the Mercenat-card and CSN-card sites, what information they actually accessed remained unclear, The Local reported Sunday.

In messages left on the sites' homepages, the hackers wrote that they carried out the attack simply to demonstrate the sites' weak security, adding they didn't intend to use any of the information they

had accessed.

The breach was discovered Saturday evening and within half an hour both Web sites and their related databases were shut down, the Swedish newspaper reported.

No decision had been taken on when the sites may reopen, affecting all the sites' merchants except student discounts for travel on Swedish rail operator SJ and SAS airlines.

"We're taking the incident extremely seriously and will report it to the police as soon as have collected all relevant information," said Mercenat managing director Jonas Levin.