As an expert (CISSP, CEH and CHFI - certified hacking forensic investigator) - I believe my answer would give you the best perspective from a professional who investigates hacked websites all the time.
You should obtain the web server logs - but not just from the time of the attack, go one week back.
Then remove from the logs (using basic filtering) all the legitimate activity - say, start from the pages which are accessed only for legitimate purposes and remove them from the logs. Go deeper until you are left just with nefarious activities.
You will get a list of IP addresses - investigate these.
Keep in mind though, that hackers often use proxies.
In this case, you should keep in mind that hackers also do what they do for a purpose. If your data was valuable, someone paid to get it "taken" - think who might have ordered this, maybe a competitor? And sometimes it might be someone trying to get at you.
if you were affected to a great scale and needed some best expert you can get to resolve database hack issues , you can reach the tech geeks at https://venomthreads.com ([email protected]) .