I don’t think these are big problems, but there are lots of details we don’t have.
Check the logs (/var/log/asterisk/full) and see what the actual call path was.
Check and make sure you don’t have Anonymous phones enabled.
Check your firewall settings. You should only allow remote connections to the server (especially on your SIP port) to know good addresses. The obvious players there are your ITSP, you remote office phones, etc.
6.12 is pretty old - you might want to consider an update to a newer version, especially if you aren’t running some kind of firewall.
Both of your examples terminated in “congestion”, which means the number that was called is not a valid number for your outbound calling rules. The fact that there were 11 of them at about the same time simply means that someone tried to screw you over and probably failed. Keep looking and tighten up your access controls - you’re probably still safe.