A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services.
The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform.
Ransomware confirmed within hours of outage
BridgePay Network Solutions confirmed late Friday that the incident disrupting its payment gateway was caused by ransomware.
In an update posted Feb. 6, the company said it has engaged federal law enforcement, including the FBI and U.S. Secret Service, along with external forensic and recovery teams.
“Initial forensic findings indicate that no payment card data has been compromised,” the company said, adding that any accessed files were encrypted and that there is currently “no evidence of usable data exposure.”
BleepingComputer has contacted BridgePay with questions about the ransomware group involved, which BridgePay has not yet named.
Merchants report cash-only payments
Around the same time BridgePay disclosed the incident, some U.S. merchants and organizations began telling customers they could only accept cash due to a nationwide card-processing outage.
One restaurant said its “credit card processing company had a cyber security breach” and that card payments were unavailable nationwide.
City of Palm Bay, Florida government announced:
“BridgePay Network Solutions, our third-party credit card processing vendor, is experiencing a nationwide service disruption. As a result, the City’s online billing payment portal is currently unavailable. We do not have an estimated restoration time.”
As such, the city government suggests that customers may make utility payments by cash, card, or check by appearing in person or, in limited cases, by calling the office.
Other organizations, including Lightspeed Commerce, ThriftTrac, and City of Frisco, Texas have reported service impacts from the BridgePay incident.
Payment gateway services hit hard
BridgePay’s status page showed major outages across core production systems, including:
- BridgePay Gateway API (BridgeComm)
- PayGuardian Cloud API
- MyBridgePay virtual terminal and reporting
- Hosted payment pages
- PathwayLink gateway and boarding portals
Early warning signs appeared around 3:29 a.m., when monitoring detected degraded performance across multiple services, beginning with the “Gateway.Itstgate.com – virtual terminal, reporting, API” systems.
The intermittent service degradation eventually cascaded into a full system outage.
Within hours, the company disclosed the incident was cybersecurity-related and later confirmed it was ransomware.
The breadth of affected systems suggests widespread disruption for merchants and payment integrators relying on the platform for card processing.
As of the latest update, BridgePay said recovery could take time and is being handled “in a secure and responsible manner,” while the company continues its forensic investigation.
The incident adds to a growing wave of ransomware attacks targeting payment infrastructure, where outages can quickly ripple through real-world commerce when transaction pipelines go down.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
