The company warns that forensic work and system restoration may take several more day
BridgePay Network Solutions remains offline following a ransomware attack which has caused a multi‑day outage across its payment systems, with the company warning that recovery will take time as forensic work continues.
The disruption began early on February 6, when the US-based company reported a system‑wide outage affecting its gateway APIs, virtual terminal, hosted payment pages and reporting tools. By that afternoon, BridgePay confirmed it was dealing with a cybersecurity incident and had engaged the FBI, US Secret Service, and external forensic specialists.
In a series of updates, BridgePay has since confirmed the incident was the result of a ransomware attack, with restoration efforts still underway.
Initial analysis indicates that no payment card data was compromised, and any files that may have been accessed were encrypted. BridgePay says there is currently no evidence of usable data exposure, though a full forensic review is ongoing.
The company has repeatedly stressed that the recovery process must be handled “safely and securely,” noting that ransomware investigations typically require extended containment and validation before systems can be brought back online.
Merchants and partners continue to face disruption
BridgePay operates nationally across the US, serving a mix of retail, hospitality, municipal, and service‑sector clients. BridgePay’s technology often sits behind third‑party software platforms, meaning outages can cascade across multiple merchant categories simultaneously .
With services still unavailable, merchants and integrators across the US continue to experience payment processing outages. BridgePay has acknowledged the operational impact, thanking partners for their “patience, trust and continued support” as teams work through the incident.
In its most recent communication on February 9, at 14:17 EST, BridgePay said it is “making progress” in its investigation and expects to have more clarity around a restoration timeline within the next 24–48 hours. Until then, all services remain offline.
Similar ransomware incidents across the payments ecosystem
The BridgePay attack follows a broader pattern of ransomware campaigns targeting payment processors, gateways, and financial infrastructure providers. Over the past two years, several high‑impact incidents have disrupted merchant services and exposed systemic dependencies on third‑party platforms.
Notable examples include:
- Fiserv (2025): A ransomware‑linked outage affected debit and ATM processing for multiple US banks
- NCR (2023): A ransomware attack on NCR’s Aloha POS platform caused prolonged downtime for restaurants across the US.
- Diebold Nixdorf (2020 & 2023): Two separate ransomware incidents disrupted ATM and retail POS services globally.
These incidents underscore a persistent trend: attackers are increasingly focusing on middleware and infrastructure providers whose systems underpin thousands of downstream merchants. The BridgePay outage — now stretching into multiple days — reinforces the operational and reputational risks facing payment intermediaries as ransomware groups continue to evolve their tactics.
