Denton City Card Pay Crashes After Feb. 6, 2026 Ransomware

Credit and debit card payments for Denton’s online utility bills went offline after Feb. 6, 2026, when BridgePay, a third-party card-processing vendor used for those transactions, reported a cybersecurity incident and later confirmed ransomware.

What Happened in the Breach

Residents in Denton, Texas lost the ability to pay utility bills online with credit or debit cards after BridgePay Network Solutions suffered a ransomware attack that knocked key payment services offline, according to BridgePay status updates and city communications.

City updates described the disruption as a “cyber incident” affecting card transactions, while BridgePay publicly confirmed ransomware and said it was working with federal authorities including the FBI and the U.S. Secret Service forensic team.

BridgePay repeatedly said it did not consider the event a card data breach, stating that no payment card data was compromised and that any files that may have been accessed were encrypted, with no evidence of usable data exposure in early forensics.

Timeline: From First Access To Latest Update

1. Feb. 6, 2026, 5:48 a.m. EST – BridgePay reported an outage under investigation
2. Feb. 6, 2026, 6:34 a.m. EST – BridgePay said the disruption related to a cybersecurity incident and said it was investigating with internal teams, external specialists, and the FBI, with no restoration estimate
3. Feb. 6, 2026, 7:08 p.m. EST – BridgePay said systems were temporarily unavailable and said it was working with the U.S. Secret Service forensic team and cybersecurity professionals
4. Feb. 7, 2026 – BridgePay said it confirmed ransomware and repeated its position that payment card data was not compromised
5. Feb. 10, 2026 – Denton-area reporting said the outage prevented online credit and debit card utility payments, and the city said it would notify the public if a card data breach later surfaced
6. Feb. 13, 2026 – A City of Denton staff report said online utility bill payments using credit or debit cards had been unable to process since Feb. 6, and it listed alternate payment options while late fees and disconnects remained paused until Feb. 23
7. Feb. 17, 2026 – The City of Denton said online card payment options were restored after Invoice Cloud temporarily used a different card processing provider
8. Feb. 20, 2026 – A City of Denton staff report repeated that online card payments were restored, described autopay impacts for scheduled payments, and kept late fees and service cutoffs paused until Feb. 23

What Data Or Systems Were Affected

The operational impact centered on availability, not confirmed exposure of cardholder data, because Denton’s online utility bill card processing stopped working when BridgePay services went down.

BridgePay said it was not treating the incident as a card data breach and said early forensic work indicated no payment card data compromise, with any potentially accessed files encrypted and no evidence of usable data exposure at that stage.

City communications also said neither debit nor credit card data was suspected to have been compromised at the time of its updates, while noting the situation remained ongoing.

Who Was Responsible (Confirmed Vs Alleged)

BridgePay has not publicly named a ransomware group, and reporting on the incident said no ransomware gang had publicly taken credit in the early days after the outage.

Public information on Denton’s utility payment disruption ties the event to BridgePay’s confirmed ransomware incident rather than to a Denton-only attack on city infrastructure.

How The Attack Worked

BridgePay described a cybersecurity incident that escalated into confirmed ransomware, with the company taking systems offline and coordinating forensic and recovery work alongside federal law enforcement and external incident response support.

BridgePay has not published a technical root-cause account describing initial access, lateral movement, or data exfiltration, and city updates said BridgePay did not provide Denton with a firm restoration timeline during the outage window.

Impact and Risks for Customers

Denton customers faced immediate payment friction because online card payments for utilities stopped processing, including Pay As You Go card transactions referenced in city reporting.

The city paused late fees and service cutoffs to reduce immediate harm while the card channel was down, then extended that pause through Feb. 23, 2026 as it transitioned to a temporary alternate card processing provider.

The broader BridgePay outage affected multiple public-sector entities and utilities across the United States, raising the risk of phishing attempts that use breach news as a pretext, even when a card data breach has not been confirmed.

Company Response And Customer Remediation

The City of Denton directed customers to alternate payment paths during the outage, including Venmo, PayPal, and PayPal Credit inside the online utility account flow, bank eCheck, self-service kiosks, and in-person payments at the customer service lobby.

City updates said additional staff would be available to support in-person card payments, and the city emphasized ongoing public updates through its official channels.

On Feb. 17, 2026, the city said it restored online card payments after Invoice Cloud temporarily used a different card processing provider, rather than waiting for BridgePay’s full platform recovery.

BridgePay said it engaged federal authorities and specialized forensic and recovery teams, and it continued to publish status updates while warning that restoration could take time.

Government, Law Enforcement, And Regulator Actions

BridgePay said it was working with the FBI and the U.S. Secret Service forensic team as part of the investigation and recovery effort.

Public reporting framed the Denton disruption as a downstream impact from a vendor incident rather than a city-run payment platform breach, and it described the event as part of a wider set of local government payment outages tied to BridgePay’s ransomware attack.

Financial, Legal, And Business Impact

The City of Denton used fee and cutoff suspensions as a short-term financial relief step, first communicating pauses during the outage and later extending them through Feb. 23, 2026 as normal card payment options resumed.

Public sources reviewed did not show confirmed Denton-specific litigation connected to the card-payment disruption, and the city’s updates focused on continuity of bill collection through alternate channels rather than on compensation payments.

Industry and government-technology reporting said the BridgePay ransomware incident caused cascading outages for multiple cities, utilities, and at least one county, creating operational costs through customer support demand, manual workarounds, and interrupted payment flows.

What Remains Unclear About the Incident

BridgePay has not published the initial access vector, the ransomware family, or a definitive accounting of what files attackers accessed before encryption, beyond its statement that any potentially accessed files were encrypted and early work found no evidence of usable data exposure.

Denton has not published a count of failed or delayed payments tied to the outage window, and public updates have not quantified the customer impact beyond describing the loss of online card processing and the need for alternate payment methods.

The timing of BridgePay’s full restoration across all downstream government portals remains unclear from public sources, because Denton restored card payments through a temporary alternate processor rather than through a documented BridgePay recovery milestone.

Why This Incident Matters

The Denton payment disruption shows how a ransomware hit on a single third-party payments vendor can interrupt basic municipal services without a confirmed card data breach, because availability failures alone can block bill payment at scale.

The city’s rapid shift to alternate payment rails and its suspension of late fees and cutoffs shows the practical value of contingency planning for payment acceptance, especially for essential services like utilities.

The event also highlights vendor concentration risk in the public sector, since reporting tied BridgePay’s outage to multiple government clients across states, amplifying the blast radius of a single ransomware event.

Bright Defense: Reducing Ransomware and Third-Party Payment Outage Risk

Bright Defense can reduce payment outage and ransomware risk through penetration testing that targets real billing workflows, vendor access paths, privileged access, and early stage signals in logging.

Bright Defense’s continuous compliance services can keep vendor risk, access reviews, incident response readiness, and monitoring aligned to SOC 2 expectations while supporting continuity planning with tested fallback processors, documented recovery steps, and customer communications playbooks.

Sources

1. BridgePay Network Solutions – BridgePay Network Solutions Status Updates (Feb. 6, 2026 to Feb. 17, 2026)
   https://status.bridgepaynetwork.com/

1. City of Denton – Customer Service Update: Online Utility Card Payments Restored (Feb. 17, 2026)
   https://www.cityofdenton.com/314/Customer-Service
2. City of Denton – Friday Staff Report: BridgePay Outage Update (Feb. 13, 2026)
   https://www.cityofdenton.com/DocumentCenter/View/13340/021326-Friday-Staff-Report
3. City of Denton – Friday Staff Report: BridgePay Outage Update and Late Fees Until Feb. 23 (Feb. 20, 2026)
   https://www.cityofdenton.com/DocumentCenter/View/13372/022026-Friday-Staff-Report
4. KERA News – Cybersecurity attack impacts Denton Municipal Utilities’ online bill pay system (Feb. 10, 2026) https://www.keranews.org/news/2026-02-10/cybersecurity-attack-impacts-denton-municipal-utilities-online-bill-pay-system
5. Community Impact – City of Denton’s utility bill payments system down from cyber incident (Feb. 10, 2026)https://communityimpact.com/dallas-fort-worth/denton/government/2026/02/10/city-of-dentons-utility-bill-payments-system-down-from-cyber-incident/
6. Government Technology – Cyber Attack Disrupts Local Government Payment Systems (Feb. 11, 2026)https://www.govtech.com/security/cyber-attack-disrupts-local-government-payment-systems
7. The Record – Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack (Feb. 9, 2026) https://therecord.media/payment-tech-provider-texas-florida-govs-ransomware-attack
8. BleepingComputer – Payments platform BridgePay confirms ransomware attack behind outage (Feb. 7, 2026) https://www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/
9. KBTX – Ransomware attack halting online payments for 70,000 BTU customers tied to BridgePay (Feb. 11, 2026)https://www.kbtx.com/2026/02/11/cybersecurity-expert-explains-impact-ransomware-attack-halting-online-payments-btu-customers/