If any site that takes KYC documents and sells the document to another party, then howcan to identify that if they do not disclose and/or if they do not mention about the data breach. As the data can be shared from various sites, we usually use various types of websites each day.
Yes, no one will know our data has been leaked, because only they know. Unless they make a mistake that leads to detection and suspicion of a violation (leaking user data). Of course, that's difficult to uncover, and again, you're right that no one will know.
Unless, you are one of those who is submitting your personal info (KYC) to many sites then yes, you wouldn't know that your info is leak. Because if you just submit your KYC for 1 or 2 site you will know your info got leak especially when you received random spam emails, got registered on other sites without you doing it, random calls, etc.
Aside from the manual way to detect your data being stolen and used for identity compromising activities, have some tools that i may share you the link on requests where you can detect datas amd documents that are already being misused by identity thefts.
But sure, what one need to do is to minimise how many sites you do kyc on and try to stick to reputable services and sont follow offers that promises high returns but ask for your documents.