XML 50 R33.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Management
We have implemented a cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the escalation of certain cybersecurity incidents.
At the management level, our SVP-GIS is responsible for the assessment and management of risks from cybersecurity threats. Our SVP-GIS has extensive cybersecurity knowledge and skills gained from over 25 years of experience in government and industries including retail and manufacturing, and industry certifications including Certified Information Systems Security Professional (“CISSP”) from ISC Squared and Global Information Assurance Certification (“GIAC”) from SANS Institute. Our SVP-GIS also has experience in forensic investigations, strategic cyber risk management, and cybersecurity program development. Our SVP-GIS leads the team responsible for implementing, monitoring and maintaining cybersecurity policies and practices across our business and reports directly to our EVP-CIO. Our SVP-GIS’s direct reports include a number of experienced cybersecurity leaders responsible for various aspects of our cybersecurity program, each of whom is supported by a team of experienced cybersecurity professionals.
The functions that report to our SVP-GIS include: cybersecurity risk management, Payment Card Industry compliance, and cybersecurity testing; operation of protective cybersecurity tools and systems; cybersecurity monitoring, incident response, and digital forensics; and cybersecurity research and development, together with support for information technology and cybersecurity functions.
Our SVP-GIS works closely with our Law Department and regularly engages expert consultants and other third parties to assist with assessing, identifying, and managing cybersecurity risks and to oversee compliance with legal, regulatory and contractual cybersecurity requirements. The EVP-CIO and SVP-GIS also periodically attend Audit Committee meetings to report on any material developments.
Risk Management and Strategy
We employ systems and processes designed to oversee, identify, and reduce the potential impact of a cybersecurity incident at a third-party vendor, service provider or customer, or otherwise implicating the third-party technology and systems we use. Our processes and systems include automated tools and technical safeguards managed and monitored by our cybersecurity team. We currently carry cybersecurity insurance; however, we cannot assure you that we will be able to maintain such policies in the future or that they will be sufficient to cover all potential cybersecurity events or losses we incur in connection with such events.
We require our associates to receive annual training on our cybersecurity policies and practices. This may include, but is not limited to, training regarding information classification and handling, data privacy, physical security, phishing, malware and ransomware, social engineering, identifying and reporting information security incidents, and secure credit card handling, as well as additional topics based on job roles and responsibilities. We also maintain written cybersecurity policies and procedures that apply to the entire Company and third parties who handle our data or have access to our information technology systems. These policies and procedures establish the framework for our cybersecurity program and cover topics such as acceptable use of information systems, cybersecurity risk management, access management, audit and logging, patching, and cybersecurity requirements for numerous technologies. These policies and procedures are reviewed at least annually, updated as necessary, and integrated into employee training programs and our technology procurement process. We are also subject to the Payment Card Industry Data Security Standard and perform an annual self-assessment according to the requirements set forth by the Payment Card Industry Security Standards Council.
Incident Response
We have adopted an Incident Response Plan (the “IRP”) that applies in the event of a cybersecurity threat or incident and provides a standardized framework for responding to cybersecurity incidents. The IRP sets out a coordinated approach to investigating, containing, documenting and mitigating incidents, including reporting findings and keeping senior management and other key stakeholders informed and involved as appropriate. The IRP applies to all Company personnel (including third-party contractors, vendors and partners) who perform functions or services that require access to secure Company information, and to all devices and network services that are owned or managed by the Company.
The SVP-GIS is responsible for maintaining our IRP. Potentially significant threats are escalated to an interdisciplinary data breach response team (the “DBRT”), which is led by our EVP-CIO and co-chaired by the SVP-GIS, our head of data privacy, and a representative from our Law Department. The DBRT is responsible for oversight and handling of significant cybersecurity threats, incidents, and issues through a documented process. Potentially material cybersecurity incidents are escalated by our EVP-CIO to executive management and reviewed with members of the Company’s Disclosure Committee.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have implemented a cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the escalation of certain cybersecurity incidents.
We employ systems and processes designed to oversee, identify, and reduce the potential impact of a cybersecurity incident at a third-party vendor, service provider or customer, or otherwise implicating the third-party technology and systems we use. Our processes and systems include automated tools and technical safeguards managed and monitored by our cybersecurity team. We currently carry cybersecurity insurance; however, we cannot assure you that we will be able to maintain such policies in the future or that they will be sufficient to cover all potential cybersecurity events or losses we incur in connection with such events.
We require our associates to receive annual training on our cybersecurity policies and practices. This may include, but is not limited to, training regarding information classification and handling, data privacy, physical security, phishing, malware and ransomware, social engineering, identifying and reporting information security incidents, and secure credit card handling, as well as additional topics based on job roles and responsibilities. We also maintain written cybersecurity policies and procedures that apply to the entire Company and third parties who handle our data or have access to our information technology systems. These policies and procedures establish the framework for our cybersecurity program and cover topics such as acceptable use of information systems, cybersecurity risk management, access management, audit and logging, patching, and cybersecurity requirements for numerous technologies. These policies and procedures are reviewed at least annually, updated as necessary, and integrated into employee training programs and our technology procurement process. We are also subject to the Payment Card Industry Data Security Standard and perform an annual self-assessment according to the requirements set forth by the Payment Card Industry Security Standards Council.
Incident Response
We have adopted an Incident Response Plan (the “IRP”) that applies in the event of a cybersecurity threat or incident and provides a standardized framework for responding to cybersecurity incidents. The IRP sets out a coordinated approach to investigating, containing, documenting and mitigating incidents, including reporting findings and keeping senior management and other key stakeholders informed and involved as appropriate. The IRP applies to all Company personnel (including third-party contractors, vendors and partners) who perform functions or services that require access to secure Company information, and to all devices and network services that are owned or managed by the Company.
The SVP-GIS is responsible for maintaining our IRP. Potentially significant threats are escalated to an interdisciplinary data breach response team (the “DBRT”), which is led by our EVP-CIO and co-chaired by the SVP-GIS, our head of data privacy, and a representative from our Law Department. The DBRT is responsible for oversight and handling of significant cybersecurity threats, incidents, and issues through a documented process. Potentially material cybersecurity incidents are escalated by our EVP-CIO to executive management and reviewed with members of the Company’s Disclosure Committee.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board is responsible for overseeing our processes for assessing and managing enterprise risk, including with respect to cybersecurity. The Board considers our risk profile when reviewing our annual business plan and incorporates risk assessment into its decisions.
Our Board has delegated the primary responsibility for oversight of cybersecurity risk to the Audit Committee. The Audit Committee regularly reviews our cybersecurity and data security risks and mitigation strategies. At least twice each year, the Audit Committee receives reports and presentations from members of our team responsible for overseeing our cybersecurity risk management, including our Senior Vice President, Global Information Security (“SVP-GIS”) and our Executive Vice President and Chief Information Officer (“EVP-CIO”), and periodically receives reports and presentations from third parties. These reports may address a wide range of topics, including recent developments, evolving standards, third-party and independent reviews, the threat environment, technological trends and cybersecurity considerations arising with respect to our peers and third parties. The Audit Committee reports to the Board on cybersecurity matters. We also have protocols by which certain cybersecurity incidents that meet established reporting thresholds are escalated within the Company and, where appropriate, reported to the Audit Committee in a timely manner.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board is responsible for overseeing our processes for assessing and managing enterprise risk, including with respect to cybersecurity.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] At least twice each year, the Audit Committee receives reports and presentations from members of our team responsible for overseeing our cybersecurity risk management, including our Senior Vice President, Global Information Security (“SVP-GIS”) and our Executive Vice President and Chief Information Officer (“EVP-CIO”), and periodically receives reports and presentations from third parties.
Cybersecurity Risk Role of Management [Text Block]
Our Board has delegated the primary responsibility for oversight of cybersecurity risk to the Audit Committee. The Audit Committee regularly reviews our cybersecurity and data security risks and mitigation strategies. At least twice each year, the Audit Committee receives reports and presentations from members of our team responsible for overseeing our cybersecurity risk management, including our Senior Vice President, Global Information Security (“SVP-GIS”) and our Executive Vice President and Chief Information Officer (“EVP-CIO”), and periodically receives reports and presentations from third parties. These reports may address a wide range of topics, including recent developments, evolving standards, third-party and independent reviews, the threat environment, technological trends and cybersecurity considerations arising with respect to our peers and third parties. The Audit Committee reports to the Board on cybersecurity matters. We also have protocols by which certain cybersecurity incidents that meet established reporting thresholds are escalated within the Company and, where appropriate, reported to the Audit Committee in a timely manner.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
At the management level, our SVP-GIS is responsible for the assessment and management of risks from cybersecurity threats. Our SVP-GIS has extensive cybersecurity knowledge and skills gained from over 25 years of experience in government and industries including retail and manufacturing, and industry certifications including Certified Information Systems Security Professional (“CISSP”) from ISC Squared and Global Information Assurance Certification (“GIAC”) from SANS Institute. Our SVP-GIS also has experience in forensic investigations, strategic cyber risk management, and cybersecurity program development. Our SVP-GIS leads the team responsible for implementing, monitoring and maintaining cybersecurity policies and practices across our business and reports directly to our EVP-CIO. Our SVP-GIS’s direct reports include a number of experienced cybersecurity leaders responsible for various aspects of our cybersecurity program, each of whom is supported by a team of experienced cybersecurity professionals.
The functions that report to our SVP-GIS include: cybersecurity risk management, Payment Card Industry compliance, and cybersecurity testing; operation of protective cybersecurity tools and systems; cybersecurity monitoring, incident response, and digital forensics; and cybersecurity research and development, together with support for information technology and cybersecurity functions.
Our SVP-GIS works closely with our Law Department and regularly engages expert consultants and other third parties to assist with assessing, identifying, and managing cybersecurity risks and to oversee compliance with legal, regulatory and contractual cybersecurity requirements. The EVP-CIO and SVP-GIS also periodically attend Audit Committee meetings to report on any material developments.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our SVP-GIS has extensive cybersecurity knowledge and skills gained from over 25 years of experience in government and industries including retail and manufacturing, and industry certifications including Certified Information Systems Security Professional (“CISSP”) from ISC Squared and Global Information Assurance Certification (“GIAC”) from SANS Institute. Our SVP-GIS also has experience in forensic investigations, strategic cyber risk management, and cybersecurity program development. Our SVP-GIS leads the team responsible for implementing, monitoring and maintaining cybersecurity policies and practices across our business and reports directly to our EVP-CIO.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Audit Committee reports to the Board on cybersecurity matters. We also have protocols by which certain cybersecurity incidents that meet established reporting thresholds are escalated within the Company and, where appropriate, reported to the Audit Committee in a timely manner.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true