Optus has been told to focus on helping customers who had their personal details leaked rather than briefing lawyers ahead of a potential class action.
Assistant Treasurer Stephen Jones labelled Optus parent company Singtel engaging lawyers "unfortunate" said it was making a bad situation worse.
Tens of thousands of Australians have registered interest in class action suits against Optus over the breach.
Legal firm Slater and Gordon, which is taking expressions of interest in one legal action, said the impact of the hack was being felt far and wide, including by domestic violence survivors and stalking victims.
Singtel told the Singapore stock exchange any class action would be "vigorously defended", prompting Mr Jones' rebuke.
"The Australian people want to see Optus deal with the crisis instead of engaging and briefing lawyers," he told reporters on Wednesday.
"Their number-one priority should be communicating with customers and ensuring them they have put every step in place to ensure the bad situation, which resulted from their botch-up with the data handling, isn't made worse by having that lead to fraud and misuse of that data now."
The personal details of more than 10 million Optus customers were exposed in the data breach, with up to 50,000 Medicare records and 150,000 passports compromised.
Mr Jones said only a collaborative approach could see the crisis dealt with effectively.
"Yes, we want (Optus) to pay for passports because the costs are going to be incurred immediately," he said.
"Yes, we want you to pay for licences, because people are queuing up and having to pay for a licence replacement.
"We're not talking about lawyering up, we're not talking about any of those liabilities, we're talking about it quite sensibly."
Cybersecurity specialists Trellix say Australian businesses are facing in excess of 55 cyber incidents a day, the highest rate in the Asia-Pacific.
The company says more than 85 per cent of companies surveyed had lost more up to 10 per cent of their revenue due to security breaches over the past year.
More than half said they needed to update their security.
Trellix said it took an average of two days for cybersecurity professions to report breaches to their boards.
For some businesses, it took more than three days.