The most common reason for this is that your account is currently using a base configuration. This configuration means that only email addresses found as part of the Fresh Security discovery process are being monitored. These are the highly visible people in your organisation. We do not guarantee that we will find all email addresses used in an organisation. If we could, that would be a significant problem.
To maintain privacy, services like haveibeenpwned.com only allow searching based on a specific email address and not a general search based on the domain. So, if an email address was not found as part of the highly visible people discovery process, we will not search these privacy-aware services.
In our Clifton High School customer story, we describe how the school added non-visible accounts to the service to reduce the risk while teaching remotely - as a result of COVID19.
You can do the same for your organisation by raising a Fresh Security Support ticket, and we will add the extra accounts for you.