


EPISODE DESCRIPTION
In this episode, Dr. Tuboise Floyd breaks down the Korean Air / KC&D supply chain breach — a forensic autopsy of what happens when data governance doesn’t travel with the data.
In December 2025, Korean Air disclosed that 30,000 employee records were stolen. The breach didn’t come through Korean Air’s systems. It came through KC&D Service — a catering subsidiary spun off and sold to private equity in 2020. Five years later, KC&D was still holding Korean Air employee data on an unpatched Oracle ERP server. The Cl0p ransomware group exploited CVE-2025-61882 — CVSS 9.8 — and published 500GB on a dark web leak site.
Six TAIMScore™ controls failed simultaneously. Three domains. All because the data moved out of sight — not out of risk.
This is a Failure File. Not a warning. A forensic record.
Key Topics:
∙ Supply chain governance and third-party vendor risk
∙ What happens when a divestiture doesn’t include data governance
∙ The Oracle EBS zero-day and its 100+ organizational victims
∙ TAIMScore™ forensic: GOVERN, MAP, and MANAGE domain failures
∙ The one question every institution needs to ask today
GUESTS
No guests. Solo episode.
TAIMScore™ Assessor Workshop
https://humansignal.io/taimscore_assessor_workshop
SUBSCRIBE & SUPPORT
Subscribe now to lock in the feed. This isn’t just content — it’s a continuing briefing for the Builder Class.
Support Human Signal:
Help fuel six months of new episodes, visual briefs, and honest playbooks.
🔗 https://humansignal.io/support
Every contribution sustains the signal.
ABOUT THE HOST
Dr. Tuboise Floyd is the founder of Human Signal, a strategy lab and podcast for people deploying AI inside government agencies, universities, and enterprise systems. A PhD social scientist and former federal contracting strategist, he reverse-engineers system failures and designs AI governance controls that survive real humans, real incentives, and real pressure.
PRODUCTION NOTES
Host & Producer: Dr. Tuboise Floyd
Creative Director: Jeremy Jarvis
Tech Specs:
Recorded with true analog warmth. No artificial polish, no algorithmic smoothing. Just pure signal and real presence for leaders who value authentic sound.
CONNECT
LinkedIn: linkedin.com/in/tuboise
Email: [email protected]
TRANSCRIPT
Full transcript available upon request at [email protected]
TAGS/KEYWORDS
AI Governance, Supply Chain Risk, Third-Party Vendor Risk, Data Breach, Korean Air, KC&D, Cl0p Ransomware, Oracle EBS, CVE-2025-61882, TAIMScore, TAIM Framework, Failure File, Institutional Risk, Dr. Tuboise Floyd, Human Signal
HASHTAGS
#AIGovernance #SupplyChainRisk #DataBreach #TAIMScore #FailureFile #ThirdPartyRisk #CyberSecurity #InstitutionalRisk #HumanSignal #AIGovernanceBriefing
LEGAL
© 2026 Dr. Tuboise Floyd. All rights reserved. Content is part of the Presence Signaling Architecture® (PSA), GASP™ and L.E.A.C. Protocol™.
By Dr. Tuboise Floyd