Why doesn't the Identity theft report disclose the service that was breached?
I received a report from the Identity Theft Cheker. It disclosed that there has been a breach, but does not disclose the service that was breached, why?
There are several reasons for the service to not be disclosed.
It can be that the breach in question is part of an ongoing law enforcement investigation and revealing details of that breach may compromise the investigation. Until those are resolved it remains as undisclosed.
Sensitive sources where the content is categorized as sensitive for the affected users.
A combo list is typically a compilation of multiple breach datasets (datasets from multiple different breaches, data dumps etc), made into one giant list and openly shared in the dark web. In this case the source information can simply be lost.