diff --git a/app/controllers/users/webauthn_setup_controller.rb b/app/controllers/users/webauthn_setup_controller.rb
index 30f9d286e81..fa5148cd76f 100644
--- a/app/controllers/users/webauthn_setup_controller.rb
+++ b/app/controllers/users/webauthn_setup_controller.rb
@@ -25,6 +25,15 @@ def new
       analytics.webauthn_setup_visit(**result.to_h)
       save_challenge_in_session
       @exclude_credentials = exclude_credentials
+
+      if !result.success?
+        if @platform_authenticator
+          irs_attempts_api_tracker.mfa_enroll_webauthn_platform(success: false)
+        else
+          irs_attempts_api_tracker.mfa_enroll_webauthn_roaming(success: false)
+        end
+      end
+
       flash_error(result.errors) unless result.success?
     end
 
diff --git a/spec/controllers/users/webauthn_setup_controller_spec.rb b/spec/controllers/users/webauthn_setup_controller_spec.rb
index 79707620de0..c018ac89868 100644
--- a/spec/controllers/users/webauthn_setup_controller_spec.rb
+++ b/spec/controllers/users/webauthn_setup_controller_spec.rb
@@ -43,6 +43,7 @@
       it 'tracks page visit' do
         stub_sign_in
         stub_analytics
+        stub_attempts_tracker
 
         expect(@analytics).to receive(:track_event).
           with(
@@ -53,6 +54,8 @@
             success: true,
           )
 
+        expect(@irs_attempts_api_tracker).not_to receive(:track_event)
+
         get :new
       end
     end
@@ -272,6 +275,48 @@
           patch :confirm, params: params
         end
       end
+
+      context 'with attestation response error' do
+        let(:mfa_selections) { ['webauthn_platform'] }
+        let(:params) do
+          {
+            attestation_object: attestation_object,
+            client_data_json: setup_client_data_json,
+            name: 'mykey',
+            platform_authenticator: 'true',
+          }
+        end
+        it 'should log expected events' do
+          allow(IdentityConfig.store).to receive(:domain_name).and_return('localhost:3000')
+          allow(WebAuthn::AttestationStatement).to receive(:from).and_raise(StandardError)
+
+          expect(@analytics).to receive(:track_event).with(
+            'Multi-Factor Authentication Setup',
+            {
+              enabled_mfa_methods_count: 0,
+              errors: { name: [I18n.t(
+                'errors.webauthn_platform_setup.attestation_error',
+                link: MarketingSite.contact_url,
+              )] },
+              error_details: { name: [I18n.t(
+                'errors.webauthn_platform_setup.attestation_error',
+                link: MarketingSite.contact_url,
+              )] },
+              in_multi_mfa_selection_flow: true,
+              mfa_method_counts: {},
+              multi_factor_auth_method: 'webauthn_platform',
+              pii_like_keypaths: [[:mfa_method_counts, :phone]],
+              success: false,
+            },
+          )
+
+          expect(@irs_attempts_api_tracker).to receive(:track_event).with(
+            :mfa_enroll_webauthn_platform, success: false
+          )
+
+          patch :confirm, params: params
+        end
+      end
     end
 
     context 'Multiple MFA options turned off' do