[JURIST] A California judge ruled Friday that credit card companies Visa [corporate website] and MasterCard [corporate website] do not have to notify individual consumers whose account data was stolen by an as-yet-unknown hacker in a mass cybertheft disclosed by MasterCard [JURIST report] earlier this year. San Francisco Superior Court Judge Richard Kramer denied the contention of plaintiffs in a class action suit [complaint, PDF] that there was any immediate threat of harm to affected consumers. The theft is deemed to have exposed some 40 million accounts to potential abuse, and to have yielded sufficient information to permit fraud against some 264,000 accountholders. Visa and MasterCard have said that the danger of identity theft to individual cardholders is low, in part because the data did not include Social Security numbers and home addresses, and in part because the companies and affiliated banks have zero liability [Visa backgrounder] policies that would reverse any fraudulent charges. AP has more.