What Happened
No traditional data breach involving unauthorized external access or leak of Otter.ai user data occurred in 2025. Instead, multiple class-action lawsuits filed starting August 2025 (e.g., *Brewer v. Otter.ai Inc.*, No. 5:25-cv-06911, N.D. Cal. Aug. 15, 2025) alleged that Otter.ai’s Otter Notetaker and OtterPilot tools automatically joined Zoom, Google Meet, and Microsoft Teams meetings, recorded conversations of non-users without their consent or real-time notice, captured biometric voiceprints and metadata, stored recordings indefinitely, and used them to train AI speech recognition models, violating laws like the federal Electronic Communications Privacy Act (ECPA), California Invasion of Privacy Act (CIPA), Illinois Biometric Information Privacy Act (BIPA), and others. Plaintiffs claimed Otter shifted consent responsibility to meeting hosts, sent unsolicited transcripts to attendees, and enabled default auto-join features that persisted despite disable attempts, potentially affecting millions in Otter.ai’s 25 million-user base that processed over 1 billion meetings since 2016, though no specific number of exposed records was quantified and no substantive court rulings had issued by late 2025.
