London Drugs, a Western-Canadian drug store chain, is still trying to recover from what it calls a cybersecurity incident that was discovered on the weekend. On Tuesday afternoon, when this podcast was recorded, the company said in a tweet that all of its stores were still closed and phone lines disconnected until it can get on top of the attack. But the company now says it is investigating if any data might have been compromised in the attack. That’s a change from Monday, when it said at that time there was no reason to believe that customer or employee data has been impacted. London Drugs is similar to Walmart in that it not only has pharmacies but also sells a wide range of consumer and electronic products. It has 80 stores across four Canadian provinces and more than 9,000 employees.

Expect fireworks this afternoon at a U.S. Congressional committee hearing. UnitedHealth Group CEO Andrew Witty is scheduled to testify about February’s ransomware attack. The AlphV/BlackCat gang hit a division called Change Healthcare that provides billing and data services to hospitals and clinics across the U.S., causing financial woes in the healthcare sector. When Witty appears committee members will be armed with a copy of his opening statement, which says the attackers used compromised credentials to break into a portal protected with a Citrix application. But portal logins weren’t protected with multi-factor authentication. UnitedHealth bought Change Healthcare two years ago. Witty also says the decision to pay a ransom to get access to stolen and encrypted data was his. The number of victims impacted by the incident would be equal to a “substantial portion of people in America,” Witty says.

Developers using the R programming language are urged to update their version fast because of a vulnerability.Researchers at Hiddlen Layer say the open-source environment often used for statistical computing has a hole that could allow an attacker who creates a malicious RDS file to execute code. Developers should upgrade to version 4.4.0. R is widely used in healthcare, finance and government IT departments.

The U.S. Federal Communications Commission has levied almost US $200 million in fines against Sprint, T-Mobile, AT&T and Verizon for selling customers’ real-time location information to data brokers without subscribers’ consent. The fines had been proposed four years ago.

To comply with a European law, Apple is allowing users of its devices in the EU to get apps not only from the Apple store but also from other app marketplaces. However, researches at an app maker called Mysk say the way Apple allows this through its Safari browser is clumsy. In fact, they argue Apple’s approach can expose iPhone users in the EU being tracked. That’s because the Safari solution doesn’t allow the origin of a marketplace website to be checked against the site’s URL. The Brave browser does that.