Company errors, not hackers, responsible for almost 60% of breaches.
More than half of internet users in Europe have had their personal records compromised since 2005, according to a new study by the Central European University.
UK residents were particularly affected, with two British records being taken for every person living in the country, and a quarter of all attacks originating from here.
Philip Howard, CEU professor of global media and communication, said: "This is the largest investigation of privacy breaches in Europe ever undertaken.
"We looked at 350 incidents over a 10-year period, with a very focused look at the 229 incidents that directly involved the privacy of people living in Europe."
227 million personal records were found to have been stolen in specifically European breaches, while 645 million records were taken in global incidents that affected those inside and outside Europe.
The blame for the breaches fell strongly on corporations, with half of all the breaches involving companies and 89% of all stolen records originating from firms.
"In the news we hear a lot of news stories about hackers who break into systems and steal our personal information." Howard said.
"But that was the minority of incidents – far and away, most of the cases organisational errors, insider abuse, or other internal mismanagement."
Nearly 60% of incidents were attributed to company problems, while a mere 41% could be linked to "clear acts of theft by hackers".
Howard added that companies and government agencies should be required to report possible breaches to both victims and data protection agencies, a move that European and British regulators have resisted so far, but could be included in new EU laws under consideration.