It was the devices that were compromised - modify those so a data logger records the key presses and encryption n transfer to the bank doesn't help one bit in protecting the PIN (and the data connection to the bank is encrypted). The interesting thing is if the encrypted data from the chip in the credit card can be read. Chip & Pin PoS devices don't read the mag strip (they don't need to), and the account information on the card is encrypted. You would need to break that encryption to get the account information. However, there's another possible approach - it might be that the compromised PoS devices have been modified to read the mag strip information which has to be there for use abroad.

Given that these compromised cards were used abroad, then it might not appear to be anything as sophisticated as getting the PINs and cloning the chips. It might be as simple as copying the mag stripe information if the countries where these were used don't have Chip & PIN.