The data is stored in the <prefix>login_security_solution_fail table. The plugin doesn't have a user interface to view it, but you can run your own queries if you're curious.
As long as the "Breach Email Confirm" is set to a reasonable number, attackers are blocked from actually getting in. In the unlikely event they do get lucky, LSS will force them out and require the actual user to verify their identity via the password reset process.
The plugin's verbosity freaks people out. I've been scaling that back in recent releases. Right now emails are sent each time the attack count is a modulus of the "Failure Notification" setting. Maybe I should just have one email go out when the threshold is reached and that's it. What do you think?