diff --git a/service-api/app/src/App/src/Service/Log/Output/Email.php b/service-api/app/src/App/src/Service/Log/Output/Email.php
index fb1f728807..d250cef340 100644
--- a/service-api/app/src/App/src/Service/Log/Output/Email.php
+++ b/service-api/app/src/App/src/Service/Log/Output/Email.php
@@ -14,7 +14,6 @@ public function __construct(private string $email)
 public function __toString(): string
 {
- $hash = hash('sha256', $this->email);
- return sprintf($hash);
+ return hash('sha256', $this->email);
 }
 }
diff --git a/service-api/app/test/AppTest/Service/User/UserServiceTest.php b/service-api/app/test/AppTest/Service/User/UserServiceTest.php
index 8996c87e87..8bac6f9871 100644
--- a/service-api/app/test/AppTest/Service/User/UserServiceTest.php
+++ b/service-api/app/test/AppTest/Service/User/UserServiceTest.php
@@ -11,6 +11,7 @@
 use App\Exception\GoneException;
 use App\Exception\NotFoundException;
 use App\Exception\UnauthorizedException;
+use App\Service\Log\Output\Email;
 use App\Service\User\UserService;
 use DateTime;
 use Exception;
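Review bot: In `Email::__toString()` (the Email.php hunk) the value that reaches the logs is an unkeyed SHA-256 of the address, so it is a pseudonym rather than anonymised data: anyone who can read the logs and holds a list of candidate addresses can hash them and confirm a match. If that matters for these logs, a keyed digest such as `hash_hmac('sha256', $this->email, $key)`, with the key held outside the log store, closes the gap, though it needs a constructor change that lies outside this hunk. Whether the address is case-normalised before it reaches this class is not visible here; if it is not, two spellings of the same mailbox will log as different values. At minimum the method deserves a docblock, e.g. `/** SHA-256 hex digest of the address so the raw email never reaches the logs; unkeyed, so treat it as a pseudonym. */`.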
@@ -189,6 +190,36 @@ public function cannot_add_existing_user_as_email_used_in_reset()
 $us->add($userData);
 }
+ /** @test */
+ public function logsNoticeWhenPasswordResetIsRequestedForNonExistentAccount(): void
+ {
+ $email = 'nonexistent@example.com';
+ $hashed_email = hash('sha256', $email);
+
+ $repoProphecy = $this->prophesize(ActorUsersInterface::class);
+ $loggerProphecy = $this->prophesize(LoggerInterface::class);
+
+ $repoProphecy
+ ->recordPasswordResetRequest(Argument::cetera())
+ ->willThrow(Exception::class);
+
+ $loggerProphecy
+ ->notice(
+ 'Attempt made to reset password for non-existent account',
+ Argument::that(function ($arg) use ($hashed_email) {
+ return $arg['email'] instanceof Email && (string)($arg['email']) == $hashed_email;
+ })
+ )
+ ->shouldBeCalled();
+
+ $userService = new UserService($repoProphecy->reveal(), $loggerProphecy->reveal());
+
+ try {
+ $userService->requestPasswordReset($email);
+ } catch (Exception) {
+ }
+ }
+
 /** @test */
 public function can_get_a_user_from_storage(): void
 {
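Review bot: The empty `catch (Exception) { }` around `$userService->requestPasswordReset($email)` swallows every failure, which may include the exception Prophecy raises when `notice()` is called with arguments that do not match, so a regression would surface only as an unmet `shouldBeCalled()` with the real cause hidden. If the service is meant to rethrow, `$this->expectException(Exception::class);` placed before the call pins that behaviour; if it is not, the try/catch can simply be removed. The matcher also compares the digest with loose `==`, under which numeric-looking strings (the `0e…` case) compare as numbers; `(string) $arg['email'] === $hashed_email` avoids that. Since the purpose of the `Email` wrapper is to keep the raw address out of logs, a comment above the matcher saying so, e.g. `// the context must carry the Email wrapper, never the plain address`, would make the intent of the `instanceof` check explicit.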