diff --git a/backend/api/auth.py b/backend/api/auth.py
index 284284b..b6556ed 100644
--- a/backend/api/auth.py
+++ b/backend/api/auth.py
@@ -232,15 +232,14 @@ async def login(
 # Verify password (anti-enumeration: same error regardless of whether user exists)
 if user is None or not auth_service.verify_password(body.password, user.password_hash):
- # D-13: log login failure WITHOUT PII (no email, no password) — T-04-07-01
 await write_audit_log(
 session,
 event_type="auth.login_failed",
- user_id=None,
- actor_id=None,
+ user_id=user.id if user else None,
+ actor_id=user.id if user else None,
 resource_id=None,
 ip_address=_ip,
- metadata_=None,
+ metadata_={"attempted_email": str(body.email)},
 )
 await session.commit()
 raise HTTPException(
diff --git a/frontend/src/components/admin/AuditLogTab.vue b/frontend/src/components/admin/AuditLogTab.vue
index 2ba7eec..ade4021 100644
--- a/frontend/src/components/admin/AuditLogTab.vue
+++ b/frontend/src/components/admin/AuditLogTab.vue
@@ -109,7 +109,11 @@ >
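Review bot: The new `metadata_={"attempted_email": str(body.email)}` in the `auth.login_failed` call writes a client-supplied, unauthenticated value into the audit log on every failed login, which contradicts the removed D-13 / T-04-07-01 comment ("WITHOUT PII") and leaves nothing in its place to record the new decision. When the account exists, `user_id` already identifies it, so the email adds little there; consider `metadata_=None if user else {"attempted_email": str(body.email)[:254]}` so the field is stored only for unknown accounts and is length-bounded. In place of the removed comment, add one such as `# Failed-login rows carry the attempted email (PII): restrict audit-log reads and apply retention`. Whether `body.email` is format-validated and how the admin view renders this field are not visible here (the `AuditLogTab.vue` hunk is cut off), so the value should be treated as untrusted text and output-escaped wherever it is displayed. The body of `login` starts and ends outside the hunk.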