Cybersecurity Risk Management, Strategy and Governance	12 Months Ended
Feb. 01, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	ITEM 1C. CYBERSECURITY Cybersecurity is one of our most critical risks. For many activities important to our business, we depend on the confidentiality, integrity and availability of information systems and data, some of which are provided or managed by third parties. We have strategically integrated cybersecurity risk management into our broader enterprise risk management function to promote a company-wide culture of cybersecurity risk management. Management is responsible for the day-to-day handling of risks facing the Company, while the Board of Directors, as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated certain risk management responsibilities with respect to cybersecurity to the Audit Committee. On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations. Our Vice President, Information Security and Privacy jointly with our Senior Vice President, Chief Strategy and Digital Officer brief the Audit Committee quarterly, and more often, if necessary, on active and emerging cybersecurity threats and efforts to strengthen our defenses against these threats. Our Information Security and Privacy teams reduce first and third-party risk by maintaining a proactive security posture aligned with current threats, detecting cybersecurity events and responding quickly, and building procedures to rapidly recover. These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer. Our cybersecurity leaders collectively have more than 25 years of relevant experience and multiple professional certifications. Internal and third-party risks are reviewed, monitored, and managed by our Cybersecurity and Privacy teams, audited by an Internal Audit team and various external experts, and tracked within an Enterprise Risk Management framework. We regularly engage third-party experts to assess the effectiveness of our cybersecurity programs. Biennially, an external independent consultancy team conducts an assessment of our cybersecurity program using the inputs from accepted Cybersecurity Frameworks. Targeted assessments are conducted regularly by internal and third-party experts to ensure compliance with specific federal and state laws and regulations. We continue to participate in the VISA TIP program and AMEX STEP program around our PCI DSS compliance. Our processes for identifying and managing first and third-party risks from cybersecurity threats include: •Continuous monitoring of our systems and network for cybersecurity events; •Regular testing of our Security Incident Response Plan, Business Continuity plans, and Disaster Recovery plans; •Required annual security training for our employees with access to email, as well as tailored training for employees in more sensitive roles. Periodic testing to ensure the security training is effective. External managed security services providers and industry-leading security tools continuously monitor our systems and network for cybersecurity threats. Our cybersecurity teams evaluate the escalated threats, and if necessary, take steps to contain and recover from pervasive threats in accordance with our Security Incident Response Plan. The plan includes reporting and escalation procedures to inform the Executive Committee, Audit Committee, and full Board, as appropriate to enable them to carry out their oversight responsibilities, and to ensure timely compliance with applicable reporting rules. Our Business Continuity Management and Disaster Recovery plans include procedures for business recovery and are tested regularly. No risks from cybersecurity threats or previous cybersecurity incidents have materially affected our business strategy, results of operations, or financial condition. However, there can be no assurance that our controls and procedures in place to monitor and mitigate the risks of cyber threats will be sufficient and/or timely and that we will not suffer material losses or consequences in the future. Additionally, while we have in place insurance coverage designed to address certain aspects of cyber risks, such insurance coverage may be insufficient to cover all insured losses or all types of claims that may arise.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	Cybersecurity is one of our most critical risks. For many activities important to our business, we depend on the confidentiality, integrity and availability of information systems and data, some of which are provided or managed by third parties. We have strategically integrated cybersecurity risk management into our broader enterprise risk management function to promote a company-wide culture of cybersecurity risk management.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]	No risks from cybersecurity threats or previous cybersecurity incidents have materially affected our business strategy, results of operations, or financial condition. However, there can be no assurance that our controls and procedures in place to monitor and mitigate the risks of cyber threats will be sufficient and/or timely and that we will not suffer material losses or consequences in the future.
Cybersecurity Risk Board of Directors Oversight [Text Block]	Management is responsible for the day-to-day handling of risks facing the Company, while the Board of Directors, as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated certain risk management responsibilities with respect to cybersecurity to the Audit Committee. On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations. Our Vice President, Information Security and Privacy jointly with our Senior Vice President, Chief Strategy and Digital Officer brief the Audit Committee quarterly, and more often, if necessary, on active and emerging cybersecurity threats and efforts to strengthen our defenses against these threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	Our Vice President, Information Security and Privacy jointly with our Senior Vice President, Chief Strategy and Digital Officer brief the Audit Committee quarterly, and more often, if necessary, on active and emerging cybersecurity threats and efforts to strengthen our defenses against these threats.
Cybersecurity Risk Role of Management [Text Block]	Management is responsible for the day-to-day handling of risks facing the Company, while the Board of Directors, as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated certain risk management responsibilities with respect to cybersecurity to the Audit Committee. On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations. Our Vice President, Information Security and Privacy jointly with our Senior Vice President, Chief Strategy and Digital Officer brief the Audit Committee quarterly, and more often, if necessary, on active and emerging cybersecurity threats and efforts to strengthen our defenses against these threats. Our Information Security and Privacy teams reduce first and third-party risk by maintaining a proactive security posture aligned with current threats, detecting cybersecurity events and responding quickly, and building procedures to rapidly recover. These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer. Our cybersecurity leaders collectively have more than 25 years of relevant experience and multiple professional certifications.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer. Our cybersecurity leaders collectively have more than 25 years of relevant experience and multiple professional certifications.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY

Cybersecurity is one of our most critical risks. For many activities important to our business, we depend on the confidentiality, integrity and availability of information systems and data, some of which are provided or managed by third parties. We have strategically integrated cybersecurity risk management into our broader enterprise risk management function to promote a company-wide culture of cybersecurity risk management.

Management is responsible for the day-to-day handling of risks facing the Company, while the Board of Directors, as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated certain risk management responsibilities with respect to cybersecurity to the Audit Committee.

On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations. Our Vice President, Information Security and Privacy jointly with our Senior Vice President, Chief Strategy and Digital Officer brief the Audit Committee quarterly, and more often, if necessary, on active and emerging cybersecurity threats and efforts to strengthen our defenses against these threats.

Our Information Security and Privacy teams reduce first and third-party risk by maintaining a proactive security posture aligned with current threats, detecting cybersecurity events and responding quickly, and building procedures to rapidly recover. These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer. Our cybersecurity leaders collectively have more than 25 years of relevant experience and multiple professional certifications.

Internal and third-party risks are reviewed, monitored, and managed by our Cybersecurity and Privacy teams, audited by an Internal Audit team and various external experts, and tracked within an Enterprise Risk Management framework. We regularly engage third-party experts to assess the effectiveness of our cybersecurity programs. Biennially, an external independent consultancy team conducts an assessment of our cybersecurity program using the inputs from accepted Cybersecurity Frameworks. Targeted assessments are conducted regularly by internal and third-party experts to ensure compliance with specific federal and state laws and regulations. We continue to participate in the VISA TIP program and AMEX STEP program around our PCI DSS compliance.

Our processes for identifying and managing first and third-party risks from cybersecurity threats include:

•Continuous monitoring of our systems and network for cybersecurity events;

•Regular testing of our Security Incident Response Plan, Business Continuity plans, and Disaster Recovery plans;

•Required annual security training for our employees with access to email, as well as tailored training for employees in more sensitive roles. Periodic testing to ensure the security training is effective.

External managed security services providers and industry-leading security tools continuously monitor our systems and network for cybersecurity threats. Our cybersecurity teams evaluate the escalated threats, and if necessary, take steps to contain and recover from pervasive threats in accordance with our Security Incident Response Plan. The plan includes reporting and escalation procedures to inform the Executive Committee, Audit Committee, and full Board, as appropriate to enable them to carry out their oversight responsibilities, and to ensure timely compliance with applicable reporting rules. Our Business Continuity Management and Disaster Recovery plans include procedures for business recovery and are tested regularly.

No risks from cybersecurity threats or previous cybersecurity incidents have materially affected our business strategy, results of operations, or financial condition. However, there can be no assurance that our controls and procedures in place to monitor and mitigate the risks of cyber threats will be sufficient and/or timely and that we will not suffer material losses or consequences in the future. Additionally, while we have in place insurance coverage designed to address certain aspects of cyber risks, such insurance coverage may be insufficient to cover all insured losses or all types of claims that may arise.

Cybersecurity Risk Management Processes Integrated [Text Block]

Cybersecurity is one of our most critical risks. For many activities important to our business, we depend on the confidentiality, integrity and availability of information systems and data, some of which are provided or managed by third parties. We have strategically integrated cybersecurity risk management into our broader enterprise risk management function to promote a company-wide culture of cybersecurity risk management.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

No risks from cybersecurity threats or previous cybersecurity incidents have materially affected our business strategy, results of operations, or financial condition. However, there can be no assurance that our controls and procedures in place to monitor and mitigate the risks of cyber threats will be sufficient and/or timely and that we will not suffer material losses or consequences in the future.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations.

Cybersecurity Risk Role of Management [Text Block]

Management is responsible for the day-to-day handling of risks facing the Company, while the Board of Directors, as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated certain risk management responsibilities with respect to cybersecurity to the Audit Committee.

On behalf of the Board, the Audit Committee provides oversight of our management of cybersecurity risk. The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations. Our Vice President, Information Security and Privacy jointly with our Senior Vice President, Chief Strategy and Digital Officer brief the Audit Committee quarterly, and more often, if necessary, on active and emerging cybersecurity threats and efforts to strengthen our defenses against these threats.

Our Information Security and Privacy teams reduce first and third-party risk by maintaining a proactive security posture aligned with current threats, detecting cybersecurity events and responding quickly, and building procedures to rapidly recover. These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer. Our cybersecurity leaders collectively have more than 25 years of relevant experience and multiple professional certifications.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

The Audit Committee regularly reviews our cybersecurity risks, incidents, audits, assessments, crisis readiness, awareness activities and compliance with cybersecurity and privacy laws and regulations.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

These teams are managed by the Vice President, Information Security and Privacy, who reports to the Senior Vice President, Chief Strategy and Digital Officer.