When Microsoft Defender reports an "Unknown" breach containing some of your personal data that simply means that we found your data published as part of a breach, but there's no indication of what the source of the breach was.
This can be as simple as data thieves sharing a list of stolen data in a chat room or forum, or a shared file that contains stolen data. If we can't say with confidence where that data came from then the source of the breach is listed as "Unknown."
Can I figure out where it came from?
Maybe. If the data in the breach contains some unique piece of information - like a username or password that you only used on one site - then you may be able to identify the source of the breach.
What should I do about the information that was found?
Just because the source of the breach isn't known doesn't mean that the information isn't important or that you shouldn't take steps to protect yourself. For example, if you recognize a breached password, you should immediately change that password anywhere you've used it.
Visit the Identity theft monitoring help center for more information about what you can do about specifical types of stolen information.
