BridgePay Ransomware Attack Causes Major Disruptions
BridgePay Network Solutions, a prominent payment gateway provider in the United States, has confirmed that a ransomware attack has severely disrupted its services, affecting merchants and their ability to process card transactions nationwide.
The incident began in the early hours of February 6, 2026, with noticeable performance issues in key systems, including the virtual terminal Gateway.Itstgate.com, reporting tools, and the API. By 5:48 a.m. EST, BridgePay released its initial status update, indicating that their systems were down with no clear timeline for resolution.
Investigation and Response Efforts
Just an hour later, at 6:34 a.m., BridgePay identified the issue as a cybersecurity incident. They quickly launched an investigation involving internal teams, external experts, and the FBI. Despite these efforts, no timeline for system restoration was provided.
By noon, the company confirmed ongoing system unavailability and emphasized its collaboration with the U.S. Secret Service’s forensic team and cybersecurity professionals to assess and clear the affected systems.
Ransomware Confirmation and Merchant Impact
At 7:08 p.m. EST on February 7, BridgePay confirmed that ransomware was responsible for the disruption. Initial forensic investigations indicated that while files were encrypted, there was no evidence of payment card data being compromised or any usable data being exposed.
The attack affected several core services, including the BridgePay Gateway API (BridgeComm), PayGuardian Cloud API, MyBridgePay virtual terminal, hosted payment pages, and PathwayLink gateway. Merchants, like a restaurant chain, had to switch to cash-only operations, citing the national cybersecurity breach as the cause.
Ongoing Recovery and Future Outlook
The impact extended to other entities such as Lightspeed Commerce, ThriftTrac, and the City of Frisco, Texas. BridgePay assured that there was no immediate threat to integrators and prioritized a secure restoration process.
Federal authorities, including the FBI and Secret Service, along with top forensic and cybersecurity teams, are engaged in recovery efforts. The company acknowledged that the recovery might be prolonged, focusing on customer protection without disclosing the ransomware group’s identity.
As the restoration efforts continue, BridgePay aims for a swift yet careful recovery, with more updates promised. This incident highlights the growing threat of ransomware to payment infrastructures, where such disruptions can severely impact commerce. BridgePay’s case, with encryption-only access, adds to the uncertainty for businesses dependent on their services, as no full recovery timeline is currently available.
For regular updates on cybersecurity, follow us on Google News, LinkedIn, and X. Reach out to feature your stories.
