HIBP operates two completely separate services that store different types of data:
Breach data — Only email addresses are stored, along with metadata about which breaches they appeared in (e.g. data classes like dates of birth, passwords, phone numbers). The actual compromised data from breaches is never stored or shown; only the fact that an email address was involved and what types of data were exposed.
Pwned Passwords — Password hashes from breaches are stored in a completely separate system with no connection to any email address or identity. It is not possible to look up which email address a password belonged to, or vice versa.
These two services are intentionally isolated from each other. HIBP never links a specific password to a specific person.