TL;DR: BridgePay Network Solutions, a major U.S. payment gateway, got hit by a ransomware attack at 3:29 a.m. EST on February 6, 2026. The attack knocked out card processing for merchants nationwide. Restaurants went cash-only, cities couldn't collect utility payments online, and businesses scrambled to keep operating. As of February 8, systems are still down with no restoration timeline. BridgePay says initial forensics show no payment card data was compromised, but the investigation is ongoing. The FBI and U.S. Secret Service are involved. The ransomware group responsible hasn't been named.

3:29 AM and the Cards Stop Working

On February 6, 2026, at 3:29 a.m. EST, BridgePay's monitoring systems detected degraded performance across its gateway infrastructure. By 5:48 a.m., the degradation had escalated into a full-blown outage. By 6:34 a.m., the company's internal teams identified a cybersecurity incident [1].

By morning, merchants across the United States started realizing their card readers didn't work.

Restaurants posted signs saying they could only take cash. The City of Palm Bay, Florida announced its online utility payment portal was down. The City of Frisco, Texas reported payment disruptions. Lightspeed Commerce, a point-of-sale platform used by thousands of small businesses, flagged the outage to its merchants [1][2].

Late on February 6, about 12 hours after the first signs of trouble, BridgePay confirmed what everyone suspected: ransomware.

Everything Went Down

This wasn't a partial disruption. The attack took out every major BridgePay service [1][2]:

  • BridgePay Gateway API (BridgeComm): the core system merchants use to process card transactions
  • PayGuardian Cloud API: cloud-based payment processing
  • MyBridgePay virtual terminal and reporting: merchant dashboards and transaction records
  • Hosted payment pages: web-based checkout systems
  • PathwayLink gateway and boarding portals: merchant onboarding and management

Every tool BridgePay offers to process, manage, and report on payments went offline simultaneously. For merchants whose only payment pipeline runs through BridgePay, that meant one thing: cash or nothing.

Three Days Later, Still Down

As of the latest status update on February 8, BridgePay's systems remain offline [3]. The company's status page reads like a loop: "We are continuing to work with our internal teams and external partners to address the issue." No estimated time for restoration. No phased recovery timeline. Just "we'll update you tomorrow" [3].

BridgePay says recovery is being handled "in a secure and responsible manner," which is corporate-speak for "we don't know when the lights come back on." The company has engaged the FBI, U.S. Secret Service, external forensic teams, and cybersecurity specialists [1].

Three days of no card processing is an eternity for small businesses that run on thin margins. Every day the system stays down, merchants lose sales from customers who don't carry cash.

The Data Question

Here's the part everyone wants to know: is your credit card data compromised?

BridgePay's official statement: "Initial forensic findings indicate that no payment card data has been compromised, and any files that may have been accessed were encrypted" [1].

The key word is "initial." Every major breach investigation starts with reassurance and ends with revised numbers. Conduent started at 4 million affected and just hit 26 million. The full picture usually looks worse than the first forensic pass.

BridgePay also hasn't named the ransomware group responsible. Whether that's because they genuinely don't know yet, or because naming the group could complicate negotiations, isn't clear. BleepingComputer reached out for details and got no response on that point [1].

Why You've Never Heard of BridgePay

BridgePay Network Solutions isn't a name most people know. That's by design: payment processors operate behind the scenes. When you swipe your card at a restaurant, the transaction passes through layers of companies you'll never see: the point-of-sale system, the payment gateway, the acquiring bank, the card network, and the issuing bank.

BridgePay sits in the gateway layer. They route transactions between merchants and the financial system. Partners like Lightspeed Commerce, ThriftTrac, and numerous small-to-medium businesses depend on BridgePay to process every card swipe.

That invisible position is exactly what makes attacks on payment processors so disruptive. When a restaurant gets hacked, one restaurant goes down. When a payment gateway gets hacked, every merchant on that gateway goes down at once.

The Ransomware-as-a-Service Problem

Payment processors are attractive ransomware targets for an obvious reason: every hour of downtime costs real money. Attackers don't even need to steal data: just encrypting systems and halting transactions creates enough pain to force negotiations.

This attack follows a pattern of ransomware groups targeting critical infrastructure. Two cybersecurity professionals just pleaded guilty to running BlackCat/ALPHV ransomware attacks while working as defenders. The healthcare sector has been hammered relentlessly. Government contractors keep falling. Now payment processors are getting hit.

The ransomware-as-a-service model means attacks are more accessible than ever. You don't need to be a sophisticated hacker: you buy access to a ransomware platform, find a target, and split the profits with the platform operator. The BlackCat affiliates paid 20% of their $1.2 million ransom to the platform's administrators.

What You Should Do

If you've used a card at a business that processes through BridgePay, here's the practical advice:

  • Monitor your card statements. Check for unauthorized charges over the next 30-60 days. Even though BridgePay says no card data was compromised, "initial findings" are exactly that, initial.
  • Set up transaction alerts. Most banks and credit card issuers let you get instant notifications for every charge. Turn them on now if you haven't already.
  • Use credit over debit. Credit cards have stronger fraud protections under federal law. If card data did leak, credit card fraud is easier to dispute than debit card fraud.
  • Carry some cash. Sounds old-fashioned, but when a payment processor goes down, cash is the only thing that works. This outage proved that.
  • Watch for phishing. After major breaches, scammers send fake "security alert" emails impersonating the affected company. BridgePay won't email you directly: they don't have your contact information. Any email claiming to be from BridgePay about this incident is a scam.

The Bigger Picture

The BridgePay attack exposes a reality most people don't think about: the entire card payment system depends on a handful of companies you've never heard of. When one of them goes down, the cascade is immediate and widespread.

There's no backup. There's no failover. When your payment gateway gets ransomwared, your options are cash or closed.

And this wasn't some tiny company. BridgePay is a major U.S. payment gateway with enough merchant volume to cause a noticeable disruption across multiple states. If they can't keep ransomware operators out, the question isn't whether another payment processor will get hit, it's when.

Sources

  1. BleepingComputer: Payments platform BridgePay confirms ransomware attack behind outage (February 7, 2026)
  2. Cyber Security News: BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Transaction Outages (February 7, 2026)
  3. BridgePay Network Solutions: Status Page (accessed February 9, 2026)