Jimmy John’s sandwich chain said Wednesday that it believes customers’ credit card data was stolen from 216 of its shops between June and September, including at five stores in Kansas.

The Champaign, Illinois-based chain said in a news release that stores in 37 states across the United States were affected. It did not say how many customers are affected.

Jimmy John’s believes someone stole log-in credentials and remotely installed malware on machines used to swipe credit cards. Some customers’ credit card numbers, expiration dates, verification codes and names were stolen between June 16 and Sept. 15, the company said.

The privately held company said it discovered the problem on July 30.

Jimmy John’s said it believes its security has been restored by installing encrypted swipe machines and taking other steps.

Jimmy John’s has more than 2,000 locations.

The Kansas stores affected by the security breach include:

STORE 2194 Garden City , KS 503 E. Kansas Ave. — 6/16/2014 – 8/13/2014

STORE 0485 Lawrence , KS 1720 W. 23rd St. — 7/1/2014 – 8/2/2014

STORE 1228 Lansing , KS 834 N. Main St. — 7/1/2014 – 8/1/2014

STORE 0932 Wichita , KS 340 N Rock Rd. — 7/1/2014 – 8/1/2014

STORE 1301 Wichita , KS 517 Hillside Ave. — 7/1/2014 – 8/3/2014