Jimmy John's says security breach affects Mich.

DETROIT (AP) — Jimmy John's sandwich chain says it believes customers' credit-card data from 18 Michigan stores may have been stolen as part of a broader security breach.

The Champaign, Ill.-based chain announced Wednesday that 216 stores in 37 states were affected. Michigan locations on the list are in cities including Bay City, Clarkston, East Lansing, Marquette, Royal Oak, Warren and Ypsilanti. A full list is posted online.

Jimmy John's believes someone stole log-in credentials and remotely installed malware on machines used to swipe credit cards. It says some customers' credit card numbers, expiration dates, verification codes and names were stolen between June 16 and Sept. 15.

Jimmy John's said it believes its security has been restored by installing encrypted swipe machines and taking other steps.