Which data leak is likely responsible?


Today my wife received one of the classic email scam posts, the "we know you've been watching porn, send us bitcoin" style one.
This differed from usual in that:

Hello Full name!
First of all I want to inform you that I know where you live Complete address with postcode.
Unfortunately for you and fortunately for me, due to the fact that you regularly visit adult websites, your device has been infected with a virus.
This virus allowed me to copy all your contacts and record all your activity on your device.
I also managed to record you watching adult movies (by the way .... you have good taste).
I managed to edit a video of you masturbating and in the bottom right corner I put the video you were watching.
You can imagine what a beautiful collage I managed to make.
If you don't want this video to reach all your contacts send me 500GBP worth of bitcoin.
My bitcoin wallet is:

Instead of being sent to [email protected], it's been sent to her name, and stated her full address including postcode.
Obviously this is information harvested from one of the data breaches. Nothing on Have I Been Pwned is reported to contain any information to her address; in fact her email address has very little on there, compared to my own, which has a seethingly awful amount of leaks associated with it.

Any ideas which data breach is responsible, hive mind?
 
It doesn't need to have all come from a single source.
Once you've got an email address and username from one breach it can be quite easy to piece together a lot more info from there.

Does she have the search by email address enabled on Facebook? (Is that even still a thing?)

She doesn't have that enabled, nor indeed is her home address on Facebook or anywhere on her social media, nor is her email and name linked in any way, or any such easy follows. Given the method of presentation, it looks like field population from form data, and the way it is presented looks like full email, name, address loss. Just pondering the source.

The bitcoin wallet was
My bitcoin wallet is: 1F99ocgAiB9LjcRioTrepiWLTPJaJaC5iB
 
I don't think the bitcoin address is relevant because it changes in each spam email. Gmail has intercepted around 15 spam emails. It's not the exact same wording as the OP's email but it's along the same lines:



Further down in the email, it quotes a Bitcoin address, but in each of the 15 spam emails that I had that is worded exactly as in my quote, the Bitcoin address was different.

Aye, we've had similar before but never stating actual name and full address, usually just sent to the email name.
 