How was this possible if it's a "non-custodial wallet"? Please elaborate...
Requesting the seed phrases and passwords from your users to be sent without encryption to an email address that might be compromised sounds highly suspicious.
Investigation process is still taking place. After all researches, we will come back and write in details how that happened. Please, be patient.