Palm Bay, FL – The city’s online billing payment portal went offline February 6 following a ransomware attack on BridgePay Network Solutions, the third-party vendor that processes credit card payments for municipal services. The outage affects utility bills, building permits, business tax receipts, and public works payments, forcing residents to use in-person or mail alternatives. No restoration timeline has been provided.

This marks the second time in seven years that Palm Bay residents have been impacted by a breach of a third-party payment processor. The pattern raises questions about vendor oversight and whether the city has contingency plans for critical infrastructure failures.

What Happened

BridgePay Network Solutions, a Lake Mary-based payment gateway serving over 100,000 merchants nationwide, detected degraded system performance at approximately 3:29 a.m. EST on February 6. By 7:08 p.m. that evening, the company confirmed ransomware as the cause of a complete service disruption affecting its payment gateway, virtual terminal, reporting systems, and hosted payment pages.

The attack crippled nearly every BridgePay service. Merchants across the country were forced into cash-only operations. Municipal governments in Florida and Texas reported similar disruptions to their online payment portals.

BridgePay stated its initial forensic findings indicated no payment card data was compromised and the attack appeared to be encryption-focused rather than involving data exfiltration. The company is working with internal teams, external cybersecurity specialists, the FBI, and the U.S. Secret Service forensic team. The ransomware group responsible has not been identified.

Impact on Palm Bay Residents

The city issued an eNotification at 4:11 p.m. on February 6 announcing the online billing payment portal was unavailable with no estimated restoration time. Palm Bay was one of the first municipalities publicly identified as affected by the BridgePay outage.

The city outlined these alternative payment options during the outage:

Utility payments: In-person cash, check, or credit card at Building E next to City Hall (120 Malabar Road). The online/phone portal can still accept checks. Check or money order payments may be placed in drop boxes at the front or back of City Hall.

Building Department: In-person cash or check at Building E next to City Hall.

Growth Management and Business Tax Receipts: In-person check or money order at City Hall.

Public Works: In-person check or money order at 1050 Malabar Road SW.

The disruption means the city lost all online credit card payment capability for every department. For a city of approximately 148,000 residents, this creates friction for routine transactions that many residents have shifted online in recent years.

Not the First Time

Palm Bay’s vulnerability to third-party payment processor breaches is not new. In August 2019, the city was hit by a breach of Click2Gov, an online utility payment platform operated by Central Square. Malware was discovered on the Click2Gov system, potentially compromising the billing information of up to 8,500 Palm Bay customers who used the online portal between July 27 and September 5, 2019.

Palm Bay was one of eight cities targeted in that attack wave, which also hit Deerfield Beach, Milton, and Coral Springs in Florida, as well as Bakersfield (CA), Pocatello (ID), and Ames (IA). The attackers used Magecart-style JavaScript injection to skim credit card data from payment forms. Over 20,000 records were compromised across all eight cities, and stolen credit card information was found for sale on dark web crime forums.

Click2Gov was breached in two separate waves, and Palm Bay was hit in both incidents. The city responded by removing suspicious files and migrating billing data to a new server, noting that the Click2Gov data was encrypted. The city urged residents to monitor their credit card statements.

Cybersecurity Funding Challenges

Palm Bay has been attempting to improve its cybersecurity infrastructure, but funding remains a challenge. A Florida Senate Local Funding Initiative Request filed in November 2025 seeks $1,685,400 in state funds to expand the city’s underground fiber infrastructure as Phase 4 of a cybersecurity hardening project.

The project’s goals include separating the city’s utility and non-utility network infrastructure, establishing a redundant underground fiber optic ring to eliminate single points of failure, isolating SCADA systems that control the city’s water and utilities, and achieving compliance with NIST cybersecurity standards.

The city’s FY2026 budget discussions revealed that IT received only about 2% ($1 million) of governmental capital requests, compared to 61% for transportation and 22% for public safety. Priority 1 IT needs included ERP software renewals and replacing edge switches that are 8 years old, well past their 6-year lifespan, which was identified as a risk. The city also had a previous $500,000 state appropriation for the fiber/cybersecurity project in FY2025-26, but it was vetoed.

The Bigger Pattern

The BridgePay ransomware attack highlights a critical vulnerability in municipal operations. Palm Bay has now been impacted twice through third-party payment processors in seven years. The city relies on external vendors for a core citizen-facing function, and those vendors have proven to be the weakest link.

A 2020 analysis found that local government entities accounted for 78% of publicly disclosed ransomware victims in Florida over a three-year period. Yet Palm Bay’s IT budget remains a fraction of its overall capital spending, and state funding for its cybersecurity fiber project was vetoed.

BridgePay has not provided any timeline for full restoration, and the ransomware group behind the attack remains unidentified. For a city of Palm Bay’s size, being unable to accept online credit card payments for an indefinite period creates real friction for residents paying utility bills, building permits, and other city services.

The recurring pattern is clear. Palm Bay’s vulnerability is not primarily in its own systems, but in the payment processing vendors it contracts with. Until the city either diversifies its payment infrastructure or imposes stronger cybersecurity requirements on vendors, this type of disruption will remain a recurring risk.

Sources

• City of Palm Bay eNotification, February 6, 2026

• BleepingComputer: Payment gateway BridgePay confirms ransomware attack behind outage

• Cybersecurity News: BridgePay Payment Gateway Hit by Ransomware

• WFTV: Possible data breach affects 8,500 Palm Bay residents who used online billing system

• Ars Technica: Payment card thieves hack Click2Gov bill paying portals in 8 cities

• Florida Senate Local Funding Initiative Request 2026-27, LFIR #3307

• The Palm Bayer: Palm Bay Tackles FY26 Budget

• StateScoop: Three-fourths of ransomware attacks in Florida targeted public sector