diff --git a/src/plone/restapi/services/locking/__init__.py b/src/plone/restapi/services/locking/__init__.py
index 1b22e975a6..327e22b775 100644
--- a/src/plone/restapi/services/locking/__init__.py
+++ b/src/plone/restapi/services/locking/__init__.py
@@ -9,7 +9,10 @@
 
 def creator_name(username):
     user = api.user.get(username=username)
-    return user.getProperty("fullname") or username
+    if user:
+        return user.getProperty("fullname") or username
+    else:
+        return username
 
 
 def creator_url(username):
diff --git a/src/plone/restapi/tests/test_locking.py b/src/plone/restapi/tests/test_locking.py
index 191b4d6bd8..4131c43da7 100644
--- a/src/plone/restapi/tests/test_locking.py
+++ b/src/plone/restapi/tests/test_locking.py
@@ -1,3 +1,4 @@
+from plone import api
 from plone.app.testing import login
 from plone.app.testing import SITE_OWNER_NAME
 from plone.app.testing import SITE_OWNER_PASSWORD
@@ -112,3 +113,21 @@ def test_update_locked_object_with_token_succeeds(self):
         transaction.commit()
         self.assertEqual(response.status_code, 204)
         self.assertEqual(self.doc.Title(), "New Title")
+
+    def test_lock_user_removed(self):
+        lockable = ILockable(self.doc)
+        api.user.create(
+            username="foo",
+            email="foo@bar.com",
+            roles=["Manager"],
+        )
+        with api.env.adopt_user(username="foo"):
+            lockable.lock()
+        api.user.delete(username="foo")
+        transaction.commit()
+        # the user that locked the object is no longer present
+        response = self.api_session.get("/@lock")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json()["creator"], "foo")
+        self.assertEqual(response.json()["creator_name"], "foo")
+        self.assertTrue(lockable.locked())