The SAFER K-64 encryption algorithm has been compromised through a real-world, practical, low-cost attack. Using consumer-grade hardware, the SAFER K-64 key schedule is vulnerable to a related-key chosen plaintext attack. By comparing enough plaintext data that is matched to its corresponding cipher text, the encryption keys can be derived through cryptanalysis. Such an attack could potentially compromise the entire encryption scheme, giving the attacker access to sensitive data.
Loss of Integrity
Due to the encryption algorithm being compromised through cryptanalysis, it is generally accepted that it should no longer be used. It is recommended that an alternate, stronger algorithm be used to ensure data is properly protected.