XML 45 R24.htm IDEA: XBRL DOCUMENT v3.26.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Feb. 01, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. We have implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such risks. Our cybersecurity program prioritizes threat mitigation, while focusing on maintaining the integrity and resilience of our systems. We leverage the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework as guidelines in the development of our cybersecurity program. We also adhere to applicable Payment Card Industry Data Security Standards. The cybersecurity risk management process and related governance processes are integrated into our broader enterprise risk management framework, which is designed to appropriately identify, prioritize, manage, and oversee risks. Cybersecurity risks are reviewed as part of our enterprise risk management processes, with findings integrated into our overall risk management strategy.
Overseeing our cybersecurity efforts on a day-to-day basis is our cybersecurity team, led by our Chief Information Security Officer (“CISO”). Our cybersecurity team, in partnership with third parties, designs and implements our data security and cybersecurity programs, risk assessments, monitoring procedures, and training programs for our associates. We continue to make investments to enhance our ability to identify, protect against, detect and respond to security risks within our environment.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. We have implemented cybersecurity processes, technologies, and controls to aid in our efforts to assess, identify, and manage such risks. Our cybersecurity program prioritizes threat mitigation, while focusing on maintaining the integrity and resilience of our systems. We leverage the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework as guidelines in the development of our cybersecurity program. We also adhere to applicable Payment Card Industry Data Security Standards. The cybersecurity risk management process and related governance processes are integrated into our broader enterprise risk management framework, which is designed to appropriately identify, prioritize, manage, and oversee risks. Cybersecurity risks are reviewed as part of our enterprise risk management processes, with findings integrated into our overall risk management strategy.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] At the Board level, cybersecurity is overseen by the Board and the Audit Committee, which has primary responsibility for overseeing data protection, cybersecurity and privacy matters. In fiscal 2025, our Board held a session dedicated to cybersecurity and business continuity. In addition, since the beginning of fiscal 2025, the Board and/or the Audit Committee have received reports on data protection, cybersecurity and/or privacy matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”), CISO, Chief Privacy Officer, and the Chair of our Data Security and Privacy Governance Committee (discussed below). Periodically, our Board receives presentations on these matters from third-party experts.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our efforts to create a secure digital environment start with the governance and oversight of our data security and privacy policies and strategy. At the Board level, cybersecurity is overseen by the Board and the Audit Committee, which has primary responsibility for overseeing data protection, cybersecurity and privacy matters. In fiscal 2025, our Board held a session dedicated to cybersecurity and business continuity. In addition, since the beginning of fiscal 2025, the Board and/or the Audit Committee have received reports on data protection, cybersecurity and/or privacy matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”), CISO, Chief Privacy Officer, and the Chair of our Data Security and Privacy Governance Committee (discussed below). Periodically, our Board receives presentations on these matters from third-party experts.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] In fiscal 2025, our Board held a session dedicated to cybersecurity and business continuity. In addition, since the beginning of fiscal 2025, the Board and/or the Audit Committee have received reports on data protection, cybersecurity and/or privacy matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”), CISO, Chief Privacy Officer, and the Chair of our Data Security and Privacy Governance Committee (discussed below). The activities of the Data Security and Privacy Governance Committee are reported to the Board or the Audit Committee by the Chair of the committee, as appropriate
Cybersecurity Risk Role of Management [Text Block]
Our efforts to create a secure digital environment start with the governance and oversight of our data security and privacy policies and strategy. At the Board level, cybersecurity is overseen by the Board and the Audit Committee, which has primary responsibility for overseeing data protection, cybersecurity and privacy matters. In fiscal 2025, our Board held a session dedicated to cybersecurity and business continuity. In addition, since the beginning of fiscal 2025, the Board and/or the Audit Committee have received reports on data protection, cybersecurity and/or privacy matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”), CISO, Chief Privacy Officer, and the Chair of our Data Security and Privacy Governance Committee (discussed below). Periodically, our Board receives presentations on these matters from third-party experts.
Our CISO, who reports to our CIO, joined the Company in 2021 after working with the Company as a third-party consultant beginning in 2019. During a nearly two-decade tenure at a leading professional services firm, he worked with clients on managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs and initiatives addressing emerging cybersecurity threats. Our CISO has significant prior cybersecurity experience, including experience protecting company, customer and associate data across a diverse set of industries. He holds a Bachelor of Science degree in Information Systems and has achieved several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, and Certified Information Privacy Professional. Our CISO leads a team of associates focused on cybersecurity.
We have three management-level committees that support our cybersecurity, privacy and data governance efforts. They are led by our Data Security and Privacy Governance Committee, which provides management-level governance over cybersecurity and privacy matters, including discussion of cybersecurity and privacy priorities, emerging risks, awareness and training programs, risk mitigation efforts, and regulatory compliance. This committee is chaired by our Vice President – Internal Audit and Corporate Compliance and is composed of a cross-functional team of senior leaders, including our CEO. The committee generally meets quarterly and is supported by our Security and Technology Risk Leadership Committee and our Privacy and Data Governance Committee. The activities of the Data Security and Privacy Governance Committee are reported to the Board or the Audit Committee by the Chair of the committee, as appropriate.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] At the Board level, cybersecurity is overseen by the Board and the Audit Committee, which has primary responsibility for overseeing data protection, cybersecurity and privacy matters. In fiscal 2025, our Board held a session dedicated to cybersecurity and business continuity. In addition, since the beginning of fiscal 2025, the Board and/or the Audit Committee have received reports on data protection, cybersecurity and/or privacy matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”), CISO, Chief Privacy Officer, and the Chair of our Data Security and Privacy Governance Committee (discussed below).
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO, who reports to our CIO, joined the Company in 2021 after working with the Company as a third-party consultant beginning in 2019. During a nearly two-decade tenure at a leading professional services firm, he worked with clients on managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs and initiatives addressing emerging cybersecurity threats. Our CISO has significant prior cybersecurity experience, including experience protecting company, customer and associate data across a diverse set of industries. He holds a Bachelor of Science degree in Information Systems and has achieved several relevant certifications, including Certified Information Security Manager, Certified Information Systems Security Professional, and Certified Information Privacy Professional. Our CISO leads a team of associates focused on cybersecurity.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] In fiscal 2025, our Board held a session dedicated to cybersecurity and business continuity. In addition, since the beginning of fiscal 2025, the Board and/or the Audit Committee have received reports on data protection, cybersecurity and/or privacy matters from senior information technology (“IT”) leaders, including our Chief Information Officer (“CIO”), CISO, Chief Privacy Officer, and the Chair of our Data Security and Privacy Governance Committee (discussed below). Periodically, our Board receives presentations on these matters from third-party experts.This committee is chaired by our Vice President – Internal Audit and Corporate Compliance and is composed of a cross-functional team of senior leaders, including our CEO. The committee generally meets quarterly and is supported by our Security and Technology Risk Leadership Committee and our Privacy and Data Governance Committee. The activities of the Data Security and Privacy Governance Committee are reported to the Board or the Audit Committee by the Chair of the committee, as appropriate.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true