Karachi-based Bank Islami acknowledged on Sunday of suffering a security breach of its payment cards system but denied reports of having lost an alleged $6 million in what local press have called the biggest cyber-attack in the country’s history.

The bank said it detected the attack on Saturday morning, October 27, when internal security system identified “abnormal transactions” coming from Pakistani debit cards outside the country’s borders.

According to statement Bank Islami posted on social media, bank officials said they immediately shut down the bank’s access to international payment networks. The bank claims that it returned all the funds that had been withdrawn from customers’ accounts, which it only estimated at around 2.6 million Pakistani rupees, or, roughly$19.500.

But the bank disputes figures from international card processors that attackers made off with $6 million.

Subsequentially, after the Bank was cut off from the international payment scheme, the Bank was advised by international payment scheme that some transactions were made on international ATMs allegedly using Bank’s issued cards. However, no details have so far been shared with the Bank as to how such transactions were processed and validated when such transactions never landed on Bank’s system. These transactions, of approximately $6 million as claimed by international payment scheme, are not acknowledged by the Bank since the Bank was actually logged off from the international payment scheme at the time.

But anonymous sources, say that the bank may know more than it’s letting up.

“There is a clear breach of information at Bank Islami’s part and it is being speculated that a digital copy of Bank Islami customer’s credit card information was leaked to hackers,” the source told Tier3.

The SPB confirmed that a fellow bank’s cards were used “at ATMs and POS in different countries” and that it “temporarily restricted usage of its debit cards for overseas transactions” as a response to that breach, according to the SPB advisory obtained by Tier3.

Bank Islami may be in denial because if the bank is proven to have acted too late in stopping the attack, it is on the hook for the $6 million alleged funds, which will come out of its pockets, and not its customers.