
The very first ATM card I ever got, in the mid-80s in Texas, had a 6-digit PIN. When I got to choose it, it let me put 4 to 6 digits, so I chose 6. A few years later they sent me my first debit card with a note that it had the same PIN. It did not. It had been truncated to 4 digits. Which made me unhappy because clearly it was sitting in plaintext in a database somewhere.


Even with a 6-digit PIN, why care that it was stored? If someone has access to the bank's infrastructure and the PINs aren't there, they might as well be, even with computers from the 80s.


With how small the space of PINs is, is there any point in hashing? To make brute-forcing every PIN infeasible, you'd have to make the hash difficulty time intolerably long.
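
The arithmetic behind the last comment, as an added example that is not part of the thread: it enumerates a 4-digit PIN space against a salted PBKDF2 hash and computes the per-hash cost a full search would need in order to take a given time. The PIN, salt, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def hash_pin(pin: str, salt: bytes, iterations: int) -> bytes:
    """Salted, deliberately slow hash of a PIN (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)


def recover_pin(stored: bytes, salt: bytes, iterations: int, digits: int):
    """Enumerate every PIN of the given length; return (pin, guesses made)."""
    for guesses, n in enumerate(range(10 ** digits), start=1):
        candidate = f"{n:0{digits}d}"
        if hmac.compare_digest(hash_pin(candidate, salt, iterations), stored):
            return candidate, guesses
    return None, 10 ** digits


def seconds_per_hash_needed(digits: int, target_seconds: float) -> float:
    """Per-hash cost required for a full enumeration of the PIN space to
    take target_seconds on the machine doing the enumeration."""
    return target_seconds / (10 ** digits)


if __name__ == "__main__":
    salt = os.urandom(16)
    iterations = 1_000  # constructed value, low so the demo finishes quickly
    stored = hash_pin("4821", salt, iterations)  # constructed sample PIN

    # The salt stops precomputed tables, but not a walk over 10,000 values.
    print("recovered:", recover_pin(stored, salt, iterations, 4))

    year = 365 * 24 * 3600
    for digits in (4, 6):
        cost = seconds_per_hash_needed(digits, year)
        print(f"{digits} digits: {cost:.3f} s per hash for a one-year search")
```

The same per-hash cost is paid on every legitimate PIN check, which is the "intolerably long" trade-off the comment describes.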



