What's Happening?
A ransomware attack on BridgePay Network Solutions, a third-party payment processing vendor, has caused credit card payment outages for several cities and public-sector entities, including utilities and at least one county. The incident, first reported
by BridgePay on Friday, has left services unavailable as the company works with internal and external specialists, as well as federal authorities like the U.S. Secret Service and FBI, to resolve the issue. While no credit card data was compromised, the attack has affected municipalities in North Texas, Michigan, Wisconsin, and Florida. Some jurisdictions, like Wichita, Kansas, have managed to restore services by finding workarounds. BridgePay, which operates as a back-end payment gateway, is collaborating with cybersecurity professionals to secure its environment and obtain clearance to access its systems.
Why It's Important?
This incident highlights the vulnerabilities in the digital infrastructure of local governments and the potential widespread impact of cyberattacks on public services. The reliance on third-party vendors for payment processing exposes municipalities to risks that can disrupt essential services and erode public trust. The involvement of federal authorities underscores the seriousness of the attack and the need for robust cybersecurity measures to protect sensitive data and ensure the continuity of public services. As cyber threats become more sophisticated, local governments must prioritize cybersecurity investments and develop contingency plans to mitigate the impact of such attacks.
What's Next?
Affected municipalities are likely to continue working with BridgePay and federal authorities to restore services and enhance their cybersecurity defenses. This incident may prompt local governments to reassess their reliance on third-party vendors and explore alternative solutions to safeguard their payment systems. Additionally, there may be increased pressure on vendors like BridgePay to demonstrate their commitment to cybersecurity and provide assurances to their clients. The broader public sector may also take this opportunity to review and strengthen their cybersecurity policies and practices to prevent future disruptions.
