diff --git a/pkg/db/business_impl.go b/pkg/db/business_impl.go
index 2045d334..7e99e115 100644
--- a/pkg/db/business_impl.go
+++ b/pkg/db/business_impl.go
@@ -2387,6 +2387,11 @@ func (impl *BusinessStoreImpl) TransferOrganization(ctx context.Context, user *d
 return nil, ErrMaintenance
 }
+ if org.UserID.Int32 != user.ID {
+ slog.WarnContext(ctx, "Organization is not owned by user", "orgID", org.ID, "userID", user.ID)
+ return nil, ErrInvalidInput
+ }
 if org.UserID.Int32 == newOwner.ID {
 slog.WarnContext(ctx, "Organization is already owned by this user", "orgID", org.ID, "userID", newOwner.ID)
 return nil, ErrInvalidInput
diff --git a/pkg/portal/org.go b/pkg/portal/org.go
index da3b81e5..d37c0f4d 100644
--- a/pkg/portal/org.go
+++ b/pkg/portal/org.go
@@ -40,9 +40,9 @@ type orgSettingsRenderContext struct {
 CsrfRenderContext
 CurrentOrg *userOrg
 NameError string
+ Members []*orgUser
 CanEdit bool
 CanTransfer bool
- Members []*orgUser
 }
 type orgAuditLogsRenderContext struct {
diff --git a/pkg/portal/org_enterprise.go b/pkg/portal/org_enterprise.go
index c7b7b5b8..124b09af 100644
--- a/pkg/portal/org_enterprise.go
+++ b/pkg/portal/org_enterprise.go
@@ -447,11 +447,9 @@ func (s *Server) transferOrg(w http.ResponseWriter, r *http.Request) {
 newOwner := &members[idx].User
- // Execute the transfer in a transaction
 auditEvents, err := s.Store.WithTx(ctx, func(impl *db.BusinessStoreImpl) ([]*common.AuditLogEvent, error) {
 return impl.TransferOrganization(ctx, user, org, newOwner)
 })
-
 if err != nil {
 slog.ErrorContext(ctx, "Failed to transfer organization", common.ErrAttr(err))
 s.RedirectError(http.StatusInternalServerError, w, r)
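Review bot: The new ownership guard compares `org.UserID.Int32` without consulting the validity flag that the `.Int32` accessor suggests the field carries (it looks like a nullable column type, to be confirmed), so an organization with no owner recorded is compared as a zero Int32 against `user.ID` and is rejected only as long as no real user has ID 0. Making the unowned case fail closed by design rather than by coincidence is a one-line change: `if !org.UserID.Valid || org.UserID.Int32 != user.ID {`. The guard also reports an authorization failure as `ErrInvalidInput`, and the caller in the org_enterprise.go hunk treats every error from TransferOrganization the same way, logging at Error level and redirecting with 500; a distinct sentinel for "not the owner" would let that handler answer a forbidden attempt differently from a malformed request and keep the audit signal separate from genuine server faults. TransferOrganization's signature and the remainder of its body lie outside the hunk.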