If any site that takes KYC documents and sells the document to another party, then howcan to identify that if they do not disclose and/or if they do not mention about the data breach. As the data can be shared from various sites, we usually use various types of websites each day.
Yes, no one will know our data has been leaked, because only they know. Unless they make a mistake that leads to detection and suspicion of a violation (leaking user data). Of course, that's difficult to uncover, and again, you're right that no one will know.
Unless, you are one of those who is submitting your personal info (KYC) to many sites then yes, you wouldn't know that your info is leak. Because if you just submit your KYC for 1 or 2 site you will know your info got leak especially when you received random spam emails, got registered on other sites without you doing it, random calls, etc.