Korean Air KC&D: Supply Chain Breach and the Data That Never Left
EPISODE DESCRIPTION
In this episode of The AI Governance Briefing, Dr. Tuboise Floyd breaks down the Korean Air / KC&D supply chain breach — a forensic autopsy of what happens when data governance doesn't travel with the data.
In December 2025, Korean Air disclosed that 30,000 employee records were stolen. The breach didn't come through Korean Air's systems. It came through KC&D Service — a catering subsidiary spun off and sold to private equity in 2020. Five years later, KC&D was still holding Korean Air employee data on an unpatched Oracle ERP server. The Cl0p ransomware group exploited CVE-2025-61882 — CVSS 9.8 — and published 500GB on a dark web leak site.
Six TAIMScore™ controls failed simultaneously. Three domains. All because the data moved out of sight — not out of risk.
This is a Failure File™. Not a warning. A forensic record.
──────────────────────────────────────
KEY TOPICS
──────────────────────────────────────
∙ Supply chain governance and third-party vendor risk
∙ What happens when a divestiture doesn't include data governance
∙ The Oracle EBS zero-day and its 100+ organizational victims
∙ TAIMScore™ forensic: GOVERN, MAP, and MANAGE domain failures
∙ The one question every institution needs to ask today
──────────────────────────────────────
FRAMEWORKS REFERENCED
──────────────────────────────────────
→ Failure Files™ — humansignal.io/failure-files
→ TAIMScore™ Assessor Workshop — humansignal.io/taimscore_assessor_workshop
→ GASP™ (Governance As a Structural Problem) — humansignal.io/frameworks/gasp
→ The Trust Gap — humansignal.io/frameworks/trust-gap
→ L.E.A.C. Protocol™ — humansignal.io/leac-protocol
──────────────────────────────────────
SUPPORT THE SHOW
──────────────────────────────────────
Subscribe now to lock in the feed. This isn't just content — it's a continuing briefing for the Builder Class.
Help fuel independent AI governance research, new episodes, and the Failure Files™ series.
🔗 https://theaigovernancebriefing.com/support
Every contribution sustains the signal.
──────────────────────────────────────
ABOUT THE HOST
──────────────────────────────────────
Dr. Tuboise Floyd is the Founder and Chief Sensemaking Officer of Human Signal — an independent AI governance research and media platform based in Washington, DC. He is the Editor in Chief of The AI Governance Record, Host of The AI Governance Briefing, and a TAIMScore™ Certified Assessor (HISPI, March 2026).
A PhD social scientist (Auburn University, Adult Education / Systems Theory), Dr. Floyd reverse-engineers institutional AI failures and builds governance frameworks that operators can actually use. His canonical thesis: most institutions will not fail because of a bad AI model. They will fail because of a broken governance structure around it.
Independence is not a feature. It is the product.
──────────────────────────────────────
PRODUCTION NOTES
──────────────────────────────────────
Host & Producer: Dr. Tuboise Floyd
Creative Director: Jeremy Jarvis
A Human Signal Production
Recorded with true analog warmth. No artificial polish, no algorithmic smoothing. Just pure signal and real presence for leaders who value authentic sound.
──────────────────────────────────────
CONNECT
──────────────────────────────────────
Website: humansignal.io
Podcast: theaigovernancebriefing.com
LinkedIn: linkedin.com/in/drtuboisefloyd
Email: tuboise@theaigovernancebriefing.com
General inquiries: hello@theaigovernancebriefing.com
──────────────────────────────────────
TRANSCRIPT
──────────────────────────────────────
Full transcript available at:
https://theaigovernancebriefing.com/blog
──────────────────────────────────────
LEGAL
──────────────────────────────────────
© 2026 Dr. Tuboise Floyd. All rights reserved. Content is part of the Presence Signaling Architecture® (PSA), GASP™, and L.E.A.C. Protocol™. Human Signal is an independent research and media platform. Nothing in this episode constitutes legal, regulatory, compliance, or professional advice. Case studies are based on publicly available information and presented as pedagogical tools — not legal findings or accusations of wrongdoing.
──────────────────────────────────────
TAGS
──────────────────────────────────────
AI governance, supply chain risk, third-party vendor risk, data breach, Korean Air, KC&D, Cl0p ransomware, Oracle EBS, CVE-2025-61882, TAIMScore, TAIM framework, Failure Files, institutional risk, data governance, divestiture risk, vendor oversight, AI accountability, GASP framework, Trust Gap, governance failure, Dr. Tuboise Floyd, Human Signal, The AI Governance Briefing
