Ransomware Attack Cripples US Payment Platform BridgePay, Leaving Merchants Cash‑Only for Over 3 Days

On February 6, BridgePay, a major U.S. electronic payment service provider, suffered a ransomware attack that took its critical systems offline, resulting in a nationwide disruption of card‑payment processing and forcing merchants to accept cash only.

BridgePay confirmed the incident was caused by ransomware, contacted federal law‑enforcement agencies including the FBI and the U.S. Secret Service, and engaged external forensics and recovery teams. Preliminary forensics indicated no payment‑card data was exfiltrated; any accessed files were encrypted.

BleepingComputer reported that BridgePay was queried about the ransomware group involved, but the company has not disclosed the group’s name.

The outage impacted many merchants and institutions. A restaurant stated its credit‑card processor suffered a security breach and could not process card payments. Palm Bay, Florida, announced its online bill‑pay portal was unavailable and advised residents to pay in cash, by card, or by check. Other organizations such as Lightspeed Commerce, ThriftTrac, and the city of Freestone, Texas also reported service interruptions.

“Our third‑party credit‑card processing supplier BridgePay is experiencing a nationwide service outage. Consequently, the city’s online bill‑pay portal is currently unavailable, and we have no estimated recovery time,” – Palm Bay City Government.

BridgePay’s status page listed the following services as down:

BridgePay Gateway API (BridgeComm)

PayGuardian Cloud API

MyBridgePay virtual terminal and reporting system

Hosted payment pages

PathwayLink gateway and access portal

Early warning signs appeared at 03:29 when monitoring detected performance degradation in the “Gateway.Itstgate.com—virtual terminal, reporting, API” system, which later escalated to a full outage.

As of the latest update, BridgePay said recovery could take time and will proceed in a “secure and responsible” manner while the forensic investigation continues. The incident highlights a growing wave of ransomware targeting payment infrastructure, where any disruption of transaction channels can quickly trigger cascading effects on real‑world commerce.