diff --git a/core/Application.php b/core/Application.php
index 06b8a6fedec3c420abf1685ca4e64b82890eb3e6..879ac1cff744695e672d5d293db175ff57926ff3 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -36,6 +36,7 @@ use OC\Authentication\Events\RemoteWipeStarted;
 use OC\Authentication\Listeners\RemoteWipeActivityListener;
 use OC\Authentication\Listeners\RemoteWipeEmailListener;
 use OC\Authentication\Listeners\RemoteWipeNotificationsListener;
+use OC\Authentication\Listeners\UserDeletedStoreCleanupListener;
 use OC\Authentication\Notifications\Notifier as AuthenticationNotifier;
 use OC\Core\Notification\RemoveLinkSharesNotifier;
 use OC\DB\MissingIndexInformation;
@@ -44,6 +45,7 @@ use OCP\AppFramework\App;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IDBConnection;
 use OCP\IServerContainer;
+use OCP\User\Events\UserDeletedEvent;
 use OCP\Util;
 use Symfony\Component\EventDispatcher\GenericEvent;
 
@@ -172,6 +174,7 @@ class Application extends App {
 		$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
 		$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
 		$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
+		$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
 	}
 
 }
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 95156cf633eac55aa5ff04f5fbb4ddcc4196ed86..88058b0c8844d2a2e9f6b0a4b0763729fc0d7217 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -602,6 +602,7 @@ return array(
     'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
     'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
     'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
+    'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
     'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
     'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
     'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index f6af611ac1e24d21a443e5924538cfabc4d33151..a69fbcd06df4e719d41994ef8c2ea5dbc092e0be 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -631,6 +631,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
         'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
         'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
+        'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
         'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
         'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
         'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php',
diff --git a/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php b/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php
new file mode 100644
index 0000000000000000000000000000000000000000..4a74ca82e1fe755bfbabe9895b1ccc179d67c368
--- /dev/null
+++ b/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace OC\Authentication\Listeners;
+
+use OC\Authentication\TwoFactorAuth\Registry;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\User\Events\UserDeletedEvent;
+
+class UserDeletedStoreCleanupListener implements IEventListener {
+
+	/** @var Registry */
+	private $registry;
+
+	public function __construct(Registry $registry) {
+		$this->registry = $registry;
+	}
+
+	public function handle(Event $event): void {
+		if (!($event instanceof UserDeletedEvent)) {
+			return;
+		}
+
+		$this->registry->deleteUserData($event->getUser());
+	}
+
+}
diff --git a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
index adf16887efac744bbd05d95ad8c12e8a9f712b68..4e8f9731d943a1ce7bd3eb4f81cc6b7562a4c891 100644
--- a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
+++ b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
@@ -93,6 +93,15 @@ class ProviderUserAssignmentDao {
 
 	}
 
+	public function deleteByUser(string $uid) {
+		$qb = $this->conn->getQueryBuilder();
+
+		$deleteQuery = $qb->delete(self::TABLE_NAME)
+			->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));
+
+		$deleteQuery->execute();
+	}
+
 	public function deleteAll(string $providerId) {
 		$qb = $this->conn->getQueryBuilder();
 
diff --git a/lib/private/Authentication/TwoFactorAuth/Registry.php b/lib/private/Authentication/TwoFactorAuth/Registry.php
index 151299b28e314a417481dd28222568a6df0e1fa6..97df2bd53119b571c70b4c731a126017fb27be46 100644
--- a/lib/private/Authentication/TwoFactorAuth/Registry.php
+++ b/lib/private/Authentication/TwoFactorAuth/Registry.php
@@ -66,6 +66,13 @@ class Registry implements IRegistry {
 		$this->dispatcher->dispatch(self::EVENT_PROVIDER_DISABLED, $event);
 	}
 
+	/**
+	 * @todo evaluate if we should emit RegistryEvents for each of the deleted rows -> needs documentation
+	 */
+	public function deleteUserData(IUser $user): void {
+		$this->assignmentDao->deleteByUser($user->getUID());
+	}
+
 	public function cleanUp(string $providerId) {
 		$this->assignmentDao->deleteAll($providerId);
 	}
diff --git a/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php b/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php
index 67eb27cfdeef2ddd0730a906af72df815d4d2fc3..9be2e64e980b5226ba171bafe8e1302195439c6f 100644
--- a/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php
@@ -131,6 +131,20 @@ class ProviderUserAssignmentDaoTest extends TestCase {
 		$this->assertCount(1, $data);
 	}
 
+	public function testDeleteByUser() {
+		$this->dao->persist('twofactor_fail', 'user1', 1);
+		$this->dao->persist('twofactor_u2f', 'user1', 1);
+		$this->dao->persist('twofactor_fail', 'user2', 0);
+		$this->dao->persist('twofactor_u2f', 'user1', 0);
+
+		$this->dao->deleteByUser('user1');
+
+		$statesUser1 = $this->dao->getState('user1');
+		$statesUser2 = $this->dao->getState('user2');
+		$this->assertCount(0, $statesUser1);
+		$this->assertCount(1, $statesUser2);
+	}
+
 	public function testDeleteAll() {
 		$this->dao->persist('twofactor_fail', 'user1', 1);
 		$this->dao->persist('twofactor_u2f', 'user1', 1);
diff --git a/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php b/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
index 2f59d14992a7741226507db50ed3c2fa431b1165..90fc4a9d27ad31834ef2311ffcd765b12fdf938d 100644
--- a/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
@@ -108,6 +108,16 @@ class RegistryTest extends TestCase {
 		$this->registry->disableProviderFor($provider, $user);
 	}
 
+	public function testDeleteUserData() {
+		$user = $this->createMock(IUser::class);
+		$user->expects($this->once())->method('getUID')->willReturn('user123');
+		$this->dao->expects($this->once())
+			->method('deleteByUser')
+			->with('user123');
+
+		$this->registry->deleteUserData($user);
+	}
+
 	public function testCleanUp() {
 		$this->dao->expects($this->once())
 			->method('deleteAll')