Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Jan. 31, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	We maintain a robust cybersecurity risk management program intended to assess, identify and manage material risks from cybersecurity threats, which encompasses the following key components. Risk Assessment We regularly conduct comprehensive cybersecurity risk assessments to identify vulnerabilities, threats and potential impacts on our business operations and stakeholders. We actively monitor and gather threat intelligence to stay informed about emerging cyber threats and vulnerabilities relevant to our industry and operations. We engage independent third-party assessors for periodic cybersecurity program assessments against industry accepted frameworks and to perform technical penetration assessments. We assess ourselves against the Center for Internet Security Top 18 controls framework, the National Institute of Standards and Technology Cybersecurity Framework, the Payment Card Industry Data Security Standard and management-defined technology controls to support our internal controls over financial reporting. Incident Detection and Response We have established procedures for monitoring network activities, detecting anomalies and responding to cybersecurity incidents promptly. We engage a specialized managed services firm to provide continuous monitoring and an initial level of incident response. We work with a leading cyber forensics firm to provide incident response services as needed. Our incident response and escalation procedures are documented and intended to facilitate prompt and thorough resolution of cybersecurity threats and incidents. Our core incident response and extended incident response teams are cross-functional and include leaders across technology, legal, finance, asset protection, customer care, human resources, stores operations and communications. Protocols to notify our executive leadership team and Board are in place based on the severity of the incident. Third-party Risk In addition to our own systems, we use third-party service providers to store, transmit and process certain information on our behalf. Third-party risk management is embedded in our cybersecurity risk management function. We leverage an independent cybersecurity assessment exchange service to gather information and provide real-time threat monitoring of our most critical third parties. We regularly review cybersecurity assessment reports and certifications from our third parties. Our standard contract terms also require third parties to maintain a standard level of security and controls.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	We maintain a robust cybersecurity risk management program intended to assess, identify and manage material risks from cybersecurity threats, which encompasses the following key components.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Board of Directors Oversight [Text Block]	Our cybersecurity risk management processes are integrated into our overall enterprise risk management function. Our Board understands the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to provide effective oversight of risks associated with cybersecurity. Board of Directors Oversight The Audit Committee has been delegated the primary responsibility for the Board’s oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a quarterly basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually. Management’s Role in Managing Cybersecurity Risk Our management team, including our Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”), is responsible for assessing, monitoring, and managing our material risks from cybersecurity threats and for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and relationships with retained external cybersecurity consultants. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CIO’s experience includes decades of work experience in the information technology and cybersecurity fields in various industries, including the retail industry. We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow, conduct cybersecurity education and training programs for our associates and maintain cybersecurity insurance coverage. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program initiatives, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management. We do not believe that any risks we have identified from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For additional information regarding cybersecurity risks we are subject to, refer to “Item 1A. Risk Factors” in this Annual Report on Form 10-K.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	The Audit Committee has been delegated the primary responsibility for the Board’s oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a quarterly basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow, conduct cybersecurity education and training programs for our associates and maintain cybersecurity insurance coverage. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program initiatives, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Role of Management [Text Block]	Our management team, including our Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”), is responsible for assessing, monitoring, and managing our material risks from cybersecurity threats and for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and relationships with retained external cybersecurity consultants. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CIO’s experience includes decades of work experience in the information technology and cybersecurity fields in various industries, including the retail industry. We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow, conduct cybersecurity education and training programs for our associates and maintain cybersecurity insurance coverage. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program initiatives, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	The Audit Committee has been delegated the primary responsibility for the Board’s oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a quarterly basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually. Management’s Role in Managing Cybersecurity Risk Our management team, including our Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”), is responsible for assessing, monitoring, and managing our material risks from cybersecurity threats and for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and relationships with retained external cybersecurity consultants. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CIO’s experience includes decades of work experience in the information technology and cybersecurity fields in various industries, including the retail industry. We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow, conduct cybersecurity education and training programs for our associates and maintain cybersecurity insurance coverage. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program initiatives, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CIO’s experience includes decades of work experience in the information technology and cybersecurity fields in various industries, including the retail industry.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow, conduct cybersecurity education and training programs for our associates and maintain cybersecurity insurance coverage. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program initiatives, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Jan. 31, 2026

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We maintain a robust cybersecurity risk management program intended to assess, identify and manage material risks from cybersecurity threats, which encompasses the following key components.

Risk Assessment

We regularly conduct comprehensive cybersecurity risk assessments to identify vulnerabilities, threats and potential impacts on our business operations and stakeholders. We actively monitor and gather threat intelligence to stay informed about emerging cyber threats and vulnerabilities relevant to our industry and operations. We engage independent third-party assessors for periodic cybersecurity program assessments against industry accepted frameworks and to perform technical penetration assessments. We assess ourselves against the Center for Internet Security Top 18 controls framework, the National Institute of Standards and Technology Cybersecurity Framework, the Payment Card Industry Data Security Standard and management-defined technology controls to support our internal controls over financial reporting.

Incident Detection and Response

We have established procedures for monitoring network activities, detecting anomalies and responding to cybersecurity incidents promptly. We engage a specialized managed services firm to provide continuous monitoring and an initial level of incident response. We work with a leading cyber forensics firm to provide incident response services as needed. Our incident response and escalation procedures are documented and intended to facilitate prompt and thorough resolution of cybersecurity threats and incidents. Our core incident response and extended incident response teams are cross-functional and include leaders across technology, legal, finance, asset protection, customer care, human resources, stores operations and communications. Protocols to notify our executive leadership team and Board are in place based on the severity of the incident.

Third-party Risk

In addition to our own systems, we use third-party service providers to store, transmit and process certain information on our behalf. Third-party risk management is embedded in our cybersecurity risk management function. We leverage an independent cybersecurity assessment exchange service to gather information and provide real-time threat monitoring of our most critical third parties. We regularly review cybersecurity assessment reports and certifications from our third parties. Our standard contract terms also require third parties to maintain a standard level of security and controls.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

We maintain a robust cybersecurity risk management program intended to assess, identify and manage material risks from cybersecurity threats, which encompasses the following key components.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

Our cybersecurity risk management processes are integrated into our overall enterprise risk management function. Our Board understands the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to provide effective oversight of risks associated with cybersecurity.

Board of Directors Oversight

The Audit Committee has been delegated the primary responsibility for the Board’s oversight of cybersecurity risks. Executive summaries of our internal risk assessments, program initiatives, regulatory compliance and incident summaries are shared with our Audit Committee on a quarterly basis, with additional updates as needed. Our third-party assessment and audit results, which are performed on an annual basis, and associated remediation plans are also shared with our Audit Committee. Additionally, our Internal Audit function independently conducts periodic reviews of our cybersecurity controls and reports the results of those reviews to the Audit Committee. The Audit Committee reports to the Board on cybersecurity risk oversight at least annually.

Management’s Role in Managing Cybersecurity Risk

Our management team, including our Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”), is responsible for assessing, monitoring, and managing our material risks from cybersecurity threats and for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and relationships with retained external cybersecurity consultants. Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CIO’s experience includes decades of work experience in the information technology and cybersecurity fields in various industries, including the retail industry.

We have a structured process to identify and oversee material cybersecurity risks. We maintain a robust set of cybersecurity policies that set the standards and expectations for our associates, contractors and vendors to follow, conduct cybersecurity education and training programs for our associates and maintain cybersecurity insurance coverage. We report cybersecurity metrics quarterly to our technology leadership, including our CIO and CISO, and our Enterprise Risk Management team. We have an Executive Risk Council, comprised of executive leadership across the business, which is briefed quarterly on the latest cybersecurity threats impacting our business, and the progress of recent and ongoing cybersecurity program initiatives, incidents and risk assessments. The Executive Risk Council provides input as needed to strengthen our cybersecurity controls and risk management.

We do not believe that any risks we have identified from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For additional information regarding cybersecurity risks we are subject to, refer to “Item 1A. Risk Factors” in this Annual Report on Form 10-K.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Role of Management [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Management’s Role in Managing Cybersecurity Risk

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our CISO has over 25 years of security experience in executive leadership, operations, incident response, and consulting in various industries including retail, technology and healthcare, as well as support of Federal government agencies and intelligence. Our CIO’s experience includes decades of work experience in the information technology and cybersecurity fields in various industries, including the retail industry.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true