Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Feb. 01, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We maintain a robust cybersecurity risk management program designed to assess, identify and manage material risks from cybersecurity threats, which encompasses the following key components.
Risk Assessment
We regularly conduct comprehensive cybersecurity risk assessments to identify vulnerabilities, threats and potential impacts on our business operations and stakeholders. We actively monitor and gather threat intelligence to stay informed about emerging cyber threats and vulnerabilities relevant to our industry and operations. We engage independent third-party assessors for periodic cybersecurity program assessments against industry accepted frameworks and to perform technical penetration assessments. We assess ourselves against the Center for Internet Security Top 18 controls framework, the National Institute of Standards and Technology Cybersecurity Framework, the Payment Card Industry Data Security Standard and management-defined technology controls to support our internal controls over financial reporting.
Incident Detection and Response
We have established procedures for monitoring network activities, detecting anomalies and responding to cybersecurity incidents promptly. We engage a specialized managed services firm to provide continuous monitoring and an initial level of incident response. We work with a leading cyber forensics firm to provide incident response services as needed. Our incident response and escalation procedures are documented to classify incidents according to defined thresholds. Our core incident response and extended incident response teams are cross-functional and include leaders across technology, legal, finance, asset protection, customer care, human resources, stores operations and communications. Protocols to notify our executive leadership team and Board are in place based on the severity of the incident.
Third-party Risk
In addition to our own systems, we use third-party service providers to store, transmit and process information on our behalf. Third-party risk management is embedded in our cybersecurity risk management function. We leverage an independent cybersecurity assessment exchange service to gather information and provide real-time threat monitoring of our most critical third parties. We review relevant cybersecurity assessment reports and certifications from our third parties. Our standard contract terms also require third parties to maintain a standard level of security and controls.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We maintain a robust cybersecurity risk management program designed to assess, identify and manage material risks from cybersecurity threats, which encompasses the following key components.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our cybersecurity risk management processes are integrated into our overall enterprise risk management system. Our Board understands the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to provide effective oversight of risks associated with cybersecurity.
Board of Directors Oversight
The Audit Committee has been delegated the primary responsibility for the Board's oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a semi-annual basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually.
Management's Role in Managing Cybersecurity Risk
Our Chief Information Security Officer (“CISO”) has primary responsibility for assessing, monitoring, and managing our cybersecurity risks. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CISO reports to our Chief Information Officer (“CIO”), who is also responsible for overseeing cybersecurity risks and communicating with the Board and Audit Committee.
We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program efforts, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
We do not believe that any risks we have identified from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For additional information regarding cybersecurity risks we are subject to, refer to “Item 1A. Risk Factors” in this Annual Report on Form 10-K.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Audit Committee has been delegated the primary responsibility for the Board's oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a semi-annual basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program efforts, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Role of Management [Text Block]
Our Chief Information Security Officer (“CISO”) has primary responsibility for assessing, monitoring, and managing our cybersecurity risks. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CISO reports to our Chief Information Officer (“CIO”), who is also responsible for overseeing cybersecurity risks and communicating with the Board and Audit Committee.
We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program efforts, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Audit Committee has been delegated the primary responsibility for the Board's oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a semi-annual basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually.
Management's Role in Managing Cybersecurity Risk
Our Chief Information Security Officer (“CISO”) has primary responsibility for assessing, monitoring, and managing our cybersecurity risks. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CISO reports to our Chief Information Officer (“CIO”), who is also responsible for overseeing cybersecurity risks and communicating with the Board and Audit Committee.
We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program efforts, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program efforts, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true