{{propApi.title}}
{{propApi.text}} {{region}} Change location{{propApi.title}}
{{propApi.successMessage}} {{region}} Change location {{propApi.title}}
{{propApi.text}} {{region}} Change location{{propApi.title}}
{{propApi.successMessage}} {{region}} Change locationHIA response to MOVEit Transfer software breach
HIA response to MOVEit Transfer software breach
Member and guest login
Enter your email and password to access secured content, members only resources and discount prices.
Did you become a member online? If not, you will need to activate your account to login.
If you are having problems logging in, please call HIA helpdesk on 1300 650 620 during business hours.
Forgotten password
Need some help?
If you are having problems logging in, please call HIA helpdesk on 1300 650 620 during business hours.
If the email address you have entered is registered, you will receive an email with further instructions.
Become part of the HIA community
Enables quick and easy registration for future events or learning and grants access to expert advice and valuable resources.
Create a guest account
Enter your details below and create a login
HIA did not share any financial, credit or accounting information. It is important to note that HIA’s own systems were not impacted by the incident.
Impacted individuals will be contacted with advice and support. If you have been impacted, you will receive this advice via email or by letter.
Find some frequently asked questions below
1. Why did I receive a notification letter?
HIA work with PwC, who provide a variety of professional services, including assurance and consulting advice and have historically utilised the MOVEit Transfer software to transfer data related to their engagement. A previously unknown security vulnerability in the MOVEit Transfer software meant that a third party was able to download files related to HIA and PwC’s engagement, and some of those files included your personal information.
Given the nature of your information that was accessed, PwC have sent you a notification letter with details of the incident and important information about actions you can take.
2. What is the MOVEit incident?
The MOVEit Transfer software application is used by a significant number of organisations worldwide to securely send and receive data. Up until recently, PwC Australia used the MOVEit Transfer software application to transfer or receive information for some of its engagements with its clients. A previously unknown security vulnerability in the MOVEit Transfer software meant that a third party was able to download files and information stored in the application. PwC Australia is one of the many organisations worldwide that has been impacted by the incident.
More detail about the incident is available on MOVEit’s website.
3. Whose fault is this?
A group known as Cl0p has claimed responsibility for the attack on the MOVEit Transfer software and the disclosure of the information obtained. Cl0p exploited a security vulnerability in the third party file transfer software called MOVEit Transfer.
More detail about the incident is available on MOVEit’s website.
4. Who stole the data?
A group known as Cl0p has claimed responsibility for the attack on the MOVEit Transfer software and the disclosure of the information obtained. However, as is common in data breaches, we do not know who else may have accessed the information which has been published since the incident.
5. What does this mean for me?
HIA did not upload any of your financial, credit or accounting records to MOVEit Transfer as part of PwC’s engagement with HIA and PwC has not identified any such information in their investigation.
Further, to our knowledge no individual has been the victim of identity theft or fraud. However, we recommend that you continue to monitor your data and personal information and be alert to any suspicious activity, i.e possible fraudulent emails, letters, phone calls and SMS messages. Please review the tips provided to you in your notification letter.
6. Could more of my data be leaked?
After becoming aware of the incident, PwC switched off the MOVEit Transfer software and promptly notified HIA of its documents which were affected.
7. How do I protect myself from this happening again?
Unfortunately Data breaches are on the rise globally. We suggest that you continue to monitor your personal information and be aware of suspicious activity.
8. PwC in partnership with IDCARE
PwC has partnered with IDCARE, Australia’s national identity and cyber support community service.
They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks in instances where you think your information may have been misused. IDCARE’s services are at no cost to you.
If you wish to speak with one of their expert Case Managers please complete their online form.
Impacted members should have received a notification letter/email with a referral code. When engaging IDCARE please use the referral code included on your notification letter/email.
Please note that IDCARE is a separate entity independent of PwC and HIA. They are a registered Australian charity that specialises in identity security remediation and support. Please refer to IDCARE for further information and a copy of their Privacy Policy.
If you believe the data incident is causing you to suffer distress, try to reach out to family or friends or to one of the below support services for help:
Visit: Beyond Blue
Call: 1300 224 636
Visit: Lifeline
Call: 13 11 14
Note: If you believe you are at physical risk, please call emergency services (000) immediately.
9. Who is IDCare and what do they do?
IDCare is Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in relation to personal information risks in instances where you think your information may have been misused. IDCARE’s services are at no cost to you. If you wish to speak with one of their expert Case Managers please complete their online form.
IDCARE is available Monday to Friday 9am to 5pm AEST (excluding public holidays).
When engaging IDCARE please use the referral code included on your notification letter/email.
IDCARE services include:
- Specialist identity and cyber security case management that works with individuals to assess their unique risks and develop personalised response plans.
- IDCARE specialists include counselors and social workers as well as cyber technicians. In addition to pragmatic support, IDCARE can also extend Technical remediation support provided by cyber technicians, extended by IDCARE where it is deemed appropriate. IDCARE’s case managers are trained to anticipate, identify and respond to instances where specialist treatment is needed.
- Case management is confidential and each individual is provided their own unique client ID which limits what IDCARE needs to collect in order to assist individuals.
Taxes and regulatory costs continue to damage Victorian housing affordability
Today, HIA has released a report commissioned from the Centre for International Economics (CIE) on Taxation of the Housing Sector. This Report is an update to the work undertaken in 2019.
House and ‘tax’ package
Today, HIA released its Taxation of the Housing Sector (2025) Report, which is an update on the 2019 Report.
Housing taxation doubles in just 5 years
Today, HIA has released a report commissioned from the Centre for International Economics (CIE) on Taxation of the Housing Sector.
Off-the-Plan Contracts and Obsolete Restrictive Covenants
The Housing Industry Association (HIA) takes this opportunity to respond to the Discussion Paper (Paper) on the review of Contracts and Covenants released by the Office of Registrar General on 22 January 2025. The Paper explores potential reforms to laws governing off-the-plan contracts and covenants.