BridgePay payments system knocked offline by ransomware attack
Date: 2026-02-09
US Secret Service is involved
- BridgePay hit by ransomware attack, forcing payment gateway services offline across the US
- Company says no payment card data compromised; investigation ongoing with forensic teams including US Secret Service
- Outage disrupted merchants nationwide, impacting APIs, virtual terminals, and forcing many to accept cash only
BridgePay, a major US payment gateway, suffered a ransomware attack late last week that knocked its services offline and caused problems for services across the country.
On a dedicated incident response page, BridgePay said on Friday that the outage it was experiencing, which forced its systems temporarily offline, was the result of a ransomware attack.
To contain and mitigate the threat, the company brought in specialized forensic and recovery teams, including the US Secret Service forensic team.
Attacker identity unknown
“Initial forensic findings indicate that no payment card data has been compromised, and any files that may have been accessed were encrypted,” the notification reads. “At this time, there is no evidence of usable data exposure.”
The newest update, posted on Sunday afternoon, said the investigation, as well as remediation efforts, were still ongoing.
So far, we don’t know who the threat actors are, or how they broke in. Usually, cybercriminals either exploit a vulnerability in network-connected devices, or obtain login credentials through social engineering and phishing.
In such attacks, the crooks also usually exfiltrate sensitive data from compromised systems to use as leverage during the negotiation process. They usually demand payment in Bitcoin in exchange for deleting the data. For victims that don’t comply, their data ends up on the dark web.
The effects of the attack are being felt across industries. BleepingComputer reports that many US merchants and organizations were forced to accept only cash. Multiple services were affected, including BridgePay Gateway API (BridgeComm), PayGuardian Cloud API, MyBridgePay virtual terminal and reporting, and many others.
Via BleepingComputer
