This should be a very simple implemention to check if an account is using an email that has been breached. I know this might give some false positives but better to be aware of it then later to check if it is/was.
https://haveibeenpwned.com has a free API
Notes: When you first run a check it would probably give you some positives. That’s fine. You should just go over them and see if there’s any action needed or flag them as read.
The benefit comes after time when suddenly a user is flagged as having their email breached.