diff --git a/apps/server/src/modules/account/domain/services/account.service.ts b/apps/server/src/modules/account/domain/services/account.service.ts
index 1bf1cbe2e02..67ed50641ce 100644
--- a/apps/server/src/modules/account/domain/services/account.service.ts
+++ b/apps/server/src/modules/account/domain/services/account.service.ts
@@ -211,17 +211,17 @@ export class AccountService extends AbstractAccountService implements DeletionSe
 const firstLoginPassed = userPreferences ? userPreferences.firstLogin : false;
 if (!user.forcePasswordChange && firstLoginPassed) {
- throw new ForbiddenOperationError('The password is not temporary, hence can not be changed.');
+ throw new ForbiddenOperationError('The password is not temporary, hence can not be changed.', { userId });
 }
 // Password change was forces or this is a first logon for the user
 const account: Account = await this.findByUserIdOrFail(userId);
 if (account.systemId) {
- throw new ForbiddenOperationError('External account details can not be changed.');
+ throw new ForbiddenOperationError('External account details can not be changed.', { userId });
 }
 if (await this.validatePassword(account, password)) {
- throw new ForbiddenOperationError('New password can not be same as old password.');
+ throw new ForbiddenOperationError('New password can not be same as old password.', { userId });
 }
 try {
diff --git a/src/middleware/errorHandler.js b/src/middleware/errorHandler.js
index 463e924ee98..abf01a5803d 100644
--- a/src/middleware/errorHandler.js
+++ b/src/middleware/errorHandler.js
@@ -126,6 +126,7 @@ const secretDataKeys = (() =>
 '_csrf',
 'searchUserPassword',
 'authorization',
+ 'student-email',
 ].map((k) => k.toLocaleLowerCase()))();
 const filterSecretValue = (key, value) => {
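Review bot: Nothing in this hunk shows whether the `{ userId }` details now passed to the three `ForbiddenOperationError` throws stay in server-side logs or are also serialized into the HTTP error response. If the error-to-response mapping includes the details object, each of these paths would hand an internal identifier back to the caller, so this should be checked against the `ForbiddenOperationError` definition. If the details turn out to be log-only, a short comment at the first throw would record that, for example `// details are for server-side logging only and are not part of the response`. The enclosing method starts before and continues after the hunk, so the handling inside the `try` block cannot be checked from here.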
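Review bot: The new `'student-email'` entry is personal data rather than a credential, and the list gives no hint why it sits next to `'_csrf'` and `'authorization'`; a comment such as `// PII, not a credential: redact student e-mail addresses` on that line would record the intent. The body of `filterSecretValue` is outside the hunk, so how keys are compared is not visible; if it is an exact match on the lower-cased name, other spellings of the same field would still pass through unredacted and may need their own entries. The list is normalised with `toLocaleLowerCase()`, which depends on the host locale, so the comparison side should lower-case keys the same way or both should use `toLowerCase()`.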