The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data.