Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Jan. 31, 2026 | |||||||||||||||||||||||||||||||
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Audit & Risk Committee and Board of Directors updates. To inform and educate the Audit & Risk Committee in its primary oversight responsibility for information security, cybersecurity, and data privacy, management provides updates on these topics. For example, the Chief Information Security Officer addresses information security risks and controls, cyber threats, and other program updates, and senior members of the risk team provide enterprise risk management program updates. In addition, the Board of Directors receives updates from management regarding Target’s overall risks, which include risks related to these topics. •Integration into enterprise risk management program. By aligning the identification, assessment, and management of risks related to information security, cybersecurity, and data privacy with our overall approach to risk oversight by the Board of Directors, its committees, and management, we have integrated these practices into our enterprise risk management program. •Management expertise. Our Chief Information and Product Officer leads the strategic direction and management of Target’s product and engineering teams. He is responsible for Target’s enterprise technology systems and oversees Target’s cybersecurity, data platforms, data science, infrastructure, product engineering, and enterprise product teams. He previously served as Target's Chief Digital and Product Officer and held a variety of leadership roles in enterprise technology and product management prior to joining Target. He has developed significant knowledge and skills regarding enterprise technology systems, including cybersecurity. Our Chief Information Security Officer has a strong background in technology, information security, cybersecurity, threat intelligence, incident response, data protection, compliance, and risk management. She champions a strong security culture both internally and externally and contributes to the broader cybersecurity community by serving in several advisory roles and promoting industry collaboration, best-practice sharing, and talent development. •Systems and processes. We use a combination of industry-leading tools and in-house technologies to protect Target and our guests, operate a proactive threat intelligence program to identify and assess risks, including from threats associated with our use of third-party service providers, and we run a cyber fusion center to investigate and respond to threats. Our program is based on recognized industry security standards and control frameworks, which we seek to validate through internal and independent assessments. Our cybersecurity team regularly tests our controls through penetration testing, vulnerability scanning, and attack simulation. In addition, we have an incident response program to address potential security and privacy incidents. As part of this incident response program, members of management are informed about and monitor the prevention, detection, mitigation, and remediation of potential security and privacy incidents. The program uses a coordinated escalation model to provide information to, and engage with, relevant members of management and the Board of Directors, as needed, throughout the incident response process. •Understanding evolving threats in the industry and with our suppliers. Our cybersecurity and data privacy teams work to understand evolving threats, developing issues, and industry trends, and our vendor teams monitor and assess risks with our suppliers. •Collaboration with organizations across different industries. We share threat intelligence and collaborate with organizations across different industries to share best practices, fight cybercrime, enhance privacy, discuss new technologies, better understand the evolving regulatory environment, and advance capabilities in these areas. •Investment, training, and development of our cybersecurity and data privacy teams. We invest in building and developing cybersecurity talent and engineering expertise, using both in-house and external resources rather than relying solely on third-party providers. Our training model combines internal subject matter expertise with curated external resources. Our cybersecurity and data privacy team members hold industry certifications, stay current on emerging technologies, and regularly participate in training and conferences. •Regular training and compliance activities for our team members. Our team members receive annual mandatory training on information security, cybersecurity, and data privacy topics to understand the behaviors and technical requirements necessary to protect company and guest information, and appropriately collect, use, and share personal information. We also offer ongoing practice and education for team members to recognize and report suspicious activity. •Use of third parties. Beyond our in-house capabilities we engage with leading security and technology vendors to assess our information security and cybersecurity program and test our technical capabilities. •Insurance coverage. We maintain insurance coverage intended to limit our exposure to certain network security and privacy matters.
|
||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Flag] | true | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Processes Integrated [Text Block] | Integration into enterprise risk management program. By aligning the identification, assessment, and management of risks related to information security, cybersecurity, and data privacy with our overall approach to risk oversight by the Board of Directors, its committees, and management, we have integrated these practices into our enterprise risk management program. | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Third Party Engaged [Flag] | true | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Board of Directors Oversight [Text Block] | While everyone at Target plays a part in information security, cybersecurity, and data privacy, oversight responsibility is shared by our Board of Directors, its committees, and management.
|
||||||||||||||||||||||||||||||
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Understanding evolving threats in the industry and with our suppliers. Our cybersecurity and data privacy teams work to understand evolving threats, developing issues, and industry trends, and our vendor teams monitor and assess risks with our suppliers. •Collaboration with organizations across different industries. We share threat intelligence and collaborate with organizations across different industries to share best practices, fight cybercrime, enhance privacy, discuss new technologies, better understand the evolving regulatory environment, and advance capabilities in these areas.
|
||||||||||||||||||||||||||||||
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Primary oversight responsibility for information security, cybersecurity, and data privacy, including internal controls designed to identify, assess, and manage risks related to these topics
|
||||||||||||||||||||||||||||||
| Cybersecurity Risk Role of Management [Text Block] | Audit & Risk Committee and Board of Directors updates. To inform and educate the Audit & Risk Committee in its primary oversight responsibility for information security, cybersecurity, and data privacy, management provides updates on these topics. For example, the Chief Information Security Officer addresses information security risks and controls, cyber threats, and other program updates, and senior members of the risk team provide enterprise risk management program updates. In addition, the Board of Directors receives updates from management regarding Target’s overall risks, which include risks related to these topics. •Integration into enterprise risk management program. By aligning the identification, assessment, and management of risks related to information security, cybersecurity, and data privacy with our overall approach to risk oversight by the Board of Directors, its committees, and management, we have integrated these practices into our enterprise risk management program. •Management expertise. Our Chief Information and Product Officer leads the strategic direction and management of Target’s product and engineering teams. He is responsible for Target’s enterprise technology systems and oversees Target’s cybersecurity, data platforms, data science, infrastructure, product engineering, and enterprise product teams. He previously served as Target's Chief Digital and Product Officer and held a variety of leadership roles in enterprise technology and product management prior to joining Target. He has developed significant knowledge and skills regarding enterprise technology systems, including cybersecurity. Our Chief Information Security Officer has a strong background in technology, information security, cybersecurity, threat intelligence, incident response, data protection, compliance, and risk management. She champions a strong security culture both internally and externally and contributes to the broader cybersecurity community by serving in several advisory roles and promoting industry collaboration, best-practice sharing, and talent development.
|
||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Chief Information and Product Officer leads the strategic direction and management of Target’s product and engineering teams. He is responsible for Target’s enterprise technology systems and oversees Target’s cybersecurity, data platforms, data science, infrastructure, product engineering, and enterprise product teams. He previously served as Target's Chief Digital and Product Officer and held a variety of leadership roles in enterprise technology and product management prior to joining Target. He has developed significant knowledge and skills regarding enterprise technology systems, including cybersecurity. Our Chief Information Security Officer has a strong background in technology, information security, cybersecurity, threat intelligence, incident response, data protection, compliance, and risk management. She champions a strong security culture both internally and externally and contributes to the broader cybersecurity community by serving in several advisory roles and promoting industry collaboration, best-practice sharing, and talent development. | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Management expertise. Our Chief Information and Product Officer leads the strategic direction and management of Target’s product and engineering teams. He is responsible for Target’s enterprise technology systems and oversees Target’s cybersecurity, data platforms, data science, infrastructure, product engineering, and enterprise product teams. He previously served as Target's Chief Digital and Product Officer and held a variety of leadership roles in enterprise technology and product management prior to joining Target. He has developed significant knowledge and skills regarding enterprise technology systems, including cybersecurity. Our Chief Information Security Officer has a strong background in technology, information security, cybersecurity, threat intelligence, incident response, data protection, compliance, and risk management. She champions a strong security culture both internally and externally and contributes to the broader cybersecurity community by serving in several advisory roles and promoting industry collaboration, best-practice sharing, and talent development. | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | To inform and educate the Audit & Risk Committee in its primary oversight responsibility for information security, cybersecurity, and data privacy, management provides updates on these topics. | ||||||||||||||||||||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true | ||||||||||||||||||||||||||||||