diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs
index 2485c3522..310f3387d 100644
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@@ -150,6 +150,12 @@ namespace Bit.Api.Controllers
                 throw new UnauthorizedAccessException();
             }
 
+            var plan = StaticStore.Plans.FirstOrDefault(plan => plan.Type == model.PlanType);
+            if (plan == null || plan.LegacyYear != null)
+            {
+                throw new Exception("Invalid plan selected.");
+            }
+
             var organizationSignup = model.ToOrganizationSignup(user);
             var result = await _organizationService.SignUpAsync(organizationSignup);
             return new OrganizationResponseModel(result.Item1);