diff --git a/typo3/sysext/backend/Classes/Controller/MfaController.php b/typo3/sysext/backend/Classes/Controller/MfaController.php
index adebc0f7c39f084aa9bbd271d80155d9dbf6248c..0bf1ccd734e8414efa5dc20c0b6fa9dfa72af5dc 100644
--- a/typo3/sysext/backend/Classes/Controller/MfaController.php
+++ b/typo3/sysext/backend/Classes/Controller/MfaController.php
@@ -136,7 +136,7 @@ class MfaController extends AbstractMfaController
                 error: SystemLogErrorClassification::SECURITY_NOTICE
             );
             $this->eventDispatcher->dispatch(
-                new MfaVerificationFailedEvent($request, $propertyManager)
+                new MfaVerificationFailedEvent($request, $propertyManager, $mfaProvider)
             );
             // If failed, initiate a redirect back to the auth view
             return new RedirectResponse($this->uriBuilder->buildUriWithRedirect(
diff --git a/typo3/sysext/core/Classes/Authentication/Event/MfaVerificationFailedEvent.php b/typo3/sysext/core/Classes/Authentication/Event/MfaVerificationFailedEvent.php
index ebc3cf1a11e498ff176a954d257e6e92254872ac..e2f0365fb72718401dac102d640092bfa406c77f 100644
--- a/typo3/sysext/core/Classes/Authentication/Event/MfaVerificationFailedEvent.php
+++ b/typo3/sysext/core/Classes/Authentication/Event/MfaVerificationFailedEvent.php
@@ -19,6 +19,7 @@ namespace TYPO3\CMS\Core\Authentication\Event;
 
 use Psr\Http\Message\ServerRequestInterface;
 use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
+use TYPO3\CMS\Core\Authentication\Mfa\MfaProviderManifestInterface;
 use TYPO3\CMS\Core\Authentication\Mfa\MfaProviderPropertyManager;
 
 /**
@@ -29,6 +30,7 @@ final class MfaVerificationFailedEvent extends AbstractAuthenticationFailedEvent
     public function __construct(
         private readonly ServerRequestInterface $request,
         private readonly MfaProviderPropertyManager $propertyManager,
+        private readonly MfaProviderManifestInterface $mfaProvider,
     ) {
         parent::__construct($this->request);
     }
@@ -40,11 +42,16 @@ final class MfaVerificationFailedEvent extends AbstractAuthenticationFailedEvent
 
     public function getProviderIdentifier(): string
     {
-        return $this->propertyManager->getIdentifier();
+        return $this->mfaProvider->getIdentifier();
     }
 
     public function getProviderProperties(): array
     {
         return $this->propertyManager->getProperties();
     }
+
+    public function isProviderLocked(): bool
+    {
+        return $this->mfaProvider->isLocked($this->propertyManager);
+    }
 }
diff --git a/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php b/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php
new file mode 100644
index 0000000000000000000000000000000000000000..de5f1391195a46f471a2e6e1d01aad9f6764e3cf
--- /dev/null
+++ b/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php
@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+namespace TYPO3\CMS\Webhooks\Message;
+
+use Psr\Http\Message\UriInterface;
+use TYPO3\CMS\Core\Attribute\WebhookMessage;
+use TYPO3\CMS\Core\Authentication\Event\MfaVerificationFailedEvent;
+use TYPO3\CMS\Core\Messaging\WebhookMessageInterface;
+
+/**
+ * @internal not part of TYPO3's Core API
+ */
+#[WebhookMessage(
+    identifier: 'typo3/mfa-error',
+    description: 'LLL:EXT:webhooks/Resources/Private/Language/locallang_db.xlf:sys_webhook.webhook_type.typo3-mfa-error'
+)]
+final class MfaVerificationErrorOccurredMessage implements WebhookMessageInterface
+{
+    public function __construct(
+        private readonly bool $isFrontend,
+        private readonly UriInterface $url,
+        private readonly array $details,
+    ) {
+    }
+
+    public function jsonSerialize(): array
+    {
+        return [
+            'context' => $this->isFrontend ? 'frontend' : 'backend',
+            'url' => (string)$this->url,
+            'details' => $this->details,
+        ];
+    }
+
+    public static function createFromEvent(MfaVerificationFailedEvent $event): self
+    {
+        $user = $event->getUser();
+
+        return new self(
+            $event->isFrontendAttempt(),
+            $event->getRequest()->getUri(),
+            [
+                'user' => [
+                    'id' => $user->user[$user->userid_column],
+                    'name' => $user->user[$user->username_column],
+                ],
+                'provider' => $event->getProviderIdentifier(),
+                'isLocked' => $event->isProviderLocked(),
+            ]
+        );
+    }
+}
diff --git a/typo3/sysext/webhooks/Resources/Private/Language/locallang_db.xlf b/typo3/sysext/webhooks/Resources/Private/Language/locallang_db.xlf
index 1977525a20829a2e7a06110cc78173a66858d7a1..29f890cc3d9641f2cc3e14bf82468d47e3703d76 100644
--- a/typo3/sysext/webhooks/Resources/Private/Language/locallang_db.xlf
+++ b/typo3/sysext/webhooks/Resources/Private/Language/locallang_db.xlf
@@ -73,6 +73,9 @@
 			<trans-unit id="sys_webhook.webhook_type.typo3-login-error" resname="sys_webhook.webhook_type.typo3-login-error">
 				<source>... when an error occurs on log in</source>
 			</trans-unit>
+			<trans-unit id="sys_webhook.webhook_type.typo3-mfa-error" resname="sys_webhook.webhook_type.typo3-mfa-error">
+				<source>... when an error occurs on multi-factor authentication</source>
+			</trans-unit>
 			<trans-unit id="sys_webhook.webhook_type.typo3-file-added" resname="sys_webhook.webhook_type.typo3-file-added">
 				<source>... when a file is added</source>
 			</trans-unit>